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Ignite MySQL 

BY ALEX HANDY 

Most corporate mergers are 
measured in quarters, or even 
years. But for Sun Microsystems, 
its US$1 billion purchase of 
MySQL AB on Jan. 23 has been 
measured in days. On Feb. 26, 
that acquisition was declared 
complete just five weeks after it 
was announced. 

On a conference call revealing 
the news, Sun CEO Jonathan 
Schwartz said that the MySQL 
purchase was the company's most 
important acquisition ever. 

"The backing of Sun's global 
support and services organiza- 
tion removes what had been the 
single biggest impediment to the 
growth of MySQL," said 
Schwartz on the call. "We wel- 
come the MySQL employees to 
the Sun team. I am especially 
pleased that Marten Mickos will 
be joining my executive team." 

Mickos, formerly CEO of 
MySQL, becomes a senior vice 
president in Sun's software divi- 
sion. He will answer to Rich 
Green, who heads that division 
continued on page 24 ► 



EU Slaps Microsoft 
With $1.3 Billion Fine 



BY DAVID WORTHINGTON 

It was supposed to be a tri- 
umphant day for Microsoft. Its 
"Heroes Happen Here" gala in 
Los Angeles was to celebrate the 
arrival of a wave of key products, 
including Visual Studio and Win- 
dows Server. But the main topic 
at the party more likely was the 
way the European Union levied a 
record-setting €899 million 
(US$1.3 billion) fine against the 
software behemoth. 

EU regulators are penalizing 
Microsoft for charging what it 
called "unreasonable prices" to 
software developers for access to 
information on Windows client 
and server protocols, prior to 
Oct. 22, 2007. 



The sanctions stem from the 
EU's 2004 antitrust ruling 
against the company, which was 
upheld in September 2007 by 
the European Court of First 
Instance in Luxembourg, the 
EU's second-highest court. The 
European Commission, the 
enforcement arm of the EU, ini- 
tially fined Microsoft €497 mil- 
lion ($613 million) in 2004, fol- 
lowed by an additional €280.5 
million ($357 million) in July 
2006. The cumulative fines 
amount to nearly $2.3 billion. 

Yankee Group analyst Laura 

DiDio was critical of the fines. 

"The penalties they are imposing 

on Microsoft make no sense," she 

continued on oaoe 21 ^ 



LEGAL BATTLE 
HAS DEEP ROOTS 



1993 

Novell files a complaint to the EC 

and the U.S. Justice Department, 

claiming that Microsoft's licensing 

practices stifle competition. 



1998 

Sun complains to the EC that 

Microsoft would not disclose 

technical interfaces to Windows NT. 



2003 

EC orders Microsoft to offer a 

version of Windows without 

Windows Media Player. 



MSFT: WE'LL DOCUMENT APIs 



\ €4 
| after 



2004 

Microsoft is fined 

€497 million (US$613 million) 

after losing antitrust judgment. 



BY DAVID WORTHINGTON 

In the wake of mounting pressure 
from European antitrust regula- 
tors, Microsoft has pledged to do 
the unthinkable: It will publish 
documentation for APIs and Win- 
dows client and server protocols, 
for which it once fought tooth- 
and-nail to hold as trade secrets. 

Microsoft's decision to divulge 
how its products can be more eas- 
ily used with third-party solutions 
is driven by four self-described 
"interoperability principles" that 
the company announced last 
month. 

In the four principles, the 
company vows to ensure open 
connections, promote data porta- 
bility, enhance support for indus- 



try standards, and more openly 
engage its customers and the 
industry, including open-source 
communities. 

The interoperability principles 
apply to high-volume business 
products, including Exchange 
Server 2007, Office 2007, Office 
SharePoint Server 2007, SQL 
Server 2008, Windows Server 
2008, Windows Vista (including 
the .NET Framework) and all 
future editions of those products. 

Microsoft will implement 
those principles by making the 
API documentation available to 
developers on the Web, license- 
and royalty- free. The process 
began last month when it dumped 
continued on page 21 ► 



2005 

Microsoft appeals the 2004 judgment. 



2006 

EC fines Microsoft an additional 
€280.5 million ($357 million) .^ 
for noncompliance with p^ 
2004 judgment. 



2007 

EU's Court of First Instance 
affirms the 2004 judgment. 





i«S 2008 

Calling licensing and royalty 

j$fees excessive, EC levies its 

largest fine against 

Microsoft to date: 

€899 million (US$1.3 billion). 



SCO's Fate 
May Ride On 
$100M Offer 

BY DAVID WORTHINGTON 
AND P.J. CONNOLLY 

To the remaining SCO Group 
employees, Cupid sure looks a 
lot like Santa. 

That's because the company 
celebrated Valentine's Day by 
announcing a reorganization plan 
that could include as much as 
US$100 million in financing from 
Stephen Norris Capital Partners 
and the investment firm's Middle 
Eastern business partners. How- 
ever, much, much less cash has 
actually changed hands to date. 

Part of the plan, announced 
last month, is to take SCO private 
in hopes of bringing the company 
out of Chapter 11 reorganization 
by the end of the year. Stephen 
Norris Capital Partners (SNCP) is 
named after its managing partner, 
investment guru Steve Norris, a 
continued on page 14 ► 




Product development is a huge SCO 
challenge, says analyst Hammond. 
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Replay Turns Back Time for Enterprise QA 

TiVo-like solution offers way to evaluate software's non-deterministic behavior 



BY ALEX HANDY 

Replay Solutions is pressing rewind on 
enterprise applications, effectively cre- 
ating a TiVo for the QA department. 
This spring, the company will release 
Replay Team Edition, which records 
and plays back software events. 

Replay Solutions has been concen- 
trating on video game consoles since the 
company's inception in 2004, said CEO 
Jonathan Lindo. After refining the prod- 
uct's features, Replay Solutions has 
poured them into a version that targets 
enterprise Java developers. 

Behind the scenes, Replay Team Edi- 
tion takes a different approach to 
replayable event-monitoring than its 
rivals do. Among those competitors is 
VMWare, which introduced a product 
based on its virtualization platform that 
also records and replays software events. 

But Replay is different. Convention- 
ally, he explained, computers are consid- 
ered deterministic, even though that's 
not truly the case. What makes their 
behavior "non-deterministic is random 



sources of input, and random events 
such as I/O, keyboard and mouse input. 
Or it can be because of things like the 
scheduler or the memory manager's 
interrupts and callbacks. All those things 
can introduce non-determinism. If you 
can control all those elements, we can 
place that application into a determinis- 
tic state again, and guarantee the exact 
path of execution." 

BE KIND, REWIND 

This focus on deterministic actions 
allows the company to assert that Replay 
Team Enterprise can save hours of 
application activity without requiring 
massive storage space. Replays solution 
allows for a faster monitoring hook as 
well, Lindo added. 

The software can also be used against 
live systems, where it can be loaded and 
implemented with only a 1 to 3 percent 
performance hit, noted Lindo. Included 
is an Eclipse plug-in that allows record- 
ed sessions to be played back step by 
step with a debugger attached. As a 
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The ReplayDIRECTOR Web interface allows users to see all the recorded events and interactions, 
play them back, export them and open in Eclipse, where a debugger can be attached. 



result, developers are able to see exactly 
which line of code is being triggered at 
each step. 

Replay Team Edition, available now, 
is priced at approximately US$35,000 



for 10 users. A free version is coming 
that can record and play back but will 
not be able to export and share those 
recordings with others. For more infor- 
mation, visit www.replaysolutions.com. I 



CUBiT Goes the Whole Yard 

CollabNet's build tools allow mixed-mode deployment 



BY JEFF FEINMAN 

CollabNet has rolled out the newest ver- 
sion of CUBiT, offering new deployment 
options and putting the finishing touch 
on the software's integration with 
SourceForge. 

CUBiT is CollabNet's build, integra- 
tion and testing software, which is aimed 
at simplifying software development 
through real-time creation and manage- 
ment of build-and-test environments for 
globally distributed teams. 

One of the main enhancements in 
CUBiT 1.5, announced in early March, 
is the ability to do mixed-mode deploy- 
ment, which allows customers to carry 




CollabNet's Nick Bonfiglio says CUBiT now 
lets users do mixed-mode deployment. 



out test releases. Mixed-mode deploy- 
ment chunks infrastructure so it can be 
used for various needs, company execu- 
tives said, including development, test- 
ing and QA, staging and production. 

Nick Bonfiglio, CollabNet's vice pres- 
ident of worldwide operations, said 
CUBiT had been primarily focused on 
the build and test arena, but customers 
were asking to use CUBiT for produc- 
tion purposes. 

He explained that it could actually 
"support some light production and 
allow a company to move a product from 
development into production use. 

"I'm not saying we're going to be 
managing production infrastructure 
with CUBiT," said Bonfiglio, "but we're 
definitely moving closer to — in a 
sense — closing the life cycle." 

CUBiT 1.5 can offer these produc- 
tion capabilities with version control 
profiles that can be tagged for produc- 
tion, development or test stages, Bon- 
figlio said. This helps the user visualize 
the software stack and centrally manage 
each stage, while providing an easy way 
for developers to re-create a production 
environment. 

CONNECTING WITH SOURCEFORGE 

Additionally, CUBiT 1.5 delivers an 
integration with the SourceForge col- 
laborative development platform. This 
integration was announced shortly after 
CollabNet had purchased the Source- 



Forge Enterprise Edition (SFEE) soft- 
ware from VA Software in April of last 
year, and it comes to fruition in this 
release. 

CUBiT 1.5. includes project-tracker 
and issue-tracker connectors for the 
Mylyn 2.0 open-source plug-in, enabling 
any developer to work with his tracking 



repository form within the Eclipse work- 
space, the company said. Mylyn, with 
CUBiT's tracker connector, can manage 
issues stored in CollabNet Enterprise 
Edition or SFEE from within Eclipse. 

Other new features include Collab- 
Net Perspective, which is an arrange- 
ment of CollabNet Desktop views, and 
CollabNet Sites View, which is a view of 
all installed CollabNet products. There 
is also an integration with CollabNet 
Subversion that employs Subclipse, a 
Subversion plug-in for Eclipse. I 



SERENA SETS SAAS TRIPLE THREAT 



BY JEFF FEINMAN 

Serena has created software-as-a-service 
versions of three of its main products, 
completing a SaaS hat trick. 

The company this month delivered 
new SaaS versions of its Business 
Mashups suite, which also lets develop- 
ers automate business processes, the 
Mariner product and portfolio manage- 
ment tools. Also included is an upcom- 
ing agile product that will be headed by 
John Scumniotales, a co-creator of the 
Scrum agile methodology and now a vice 
president of products for Serena. 

The company believes that SaaS will 
gain a stronger foothold in enterprise 
software, said Kyle Arteaga, a 
spokesperson for Serena. "We think that 
the moves that have been taking place in 
the consumer world, particularly with 
the transformation around Web 2.0, are 
making people more comfortable with 
putting tools and services on the Web," 
he said. 



Arteaga pointed out that a flexible 
tool is often more useful. "If you look at 
a general enterprise software tool, 
there's no customization allowed," he 
said. "The fact that you do your job 
slightly differently than I do is kind of 
irrelevant, and I don't think people are 
willing to put up with that any more." 

What's more, Serena has created the 
Serena Mashup Exchange, a "market- 
place" for selling packaged mashups, 
template workflows and services that 
also will offer mashup construction tools 
as services. The exchange will be set up 
on Serena's Web site. 

"It's very eBay-like," Arteaga said. "I 
think small companies with a niche 
expertise will get the opportunity to 
highlight themselves. While they might 
not have a lot of money for marketing, 
what they do have is expertise. So if they 
give a mashup or two away that are spe- 
cific to what they do, that will help them 
build their brand name." I 




ALTERNATIVE THINKING ABOUT APPLICATION SECURITY 



Alternative thinking is attacking your own Web applications, finding 
vulnerabilities and destroying them with precision and vengeance — 
throughout the life of the application. 

It's looking at application security through the eyes of a hacker 
to identify threats to your system and risks to your business. 

It's harnessing the power of SPI Dynamics, recently acquired by HP, 
to redefine and expand your security abilities. (Please note: positive 
effects on your bottom line.) 

It's assessing security the right way, from development to QA 
to operations — without slowing down the business. 
(Cue elated cheers.) 



Technology for better business outcomes. 
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IBM Bulks Up z Mainframe 

Speed up 50%, capacity tops in line 



BY JEFF FEINMAN 

IBM has unleashed the System 
zlO mainframe, which the com- 
pany called its highest-capacity 
System z ever. 

System zlO, introduced Feb. 
26, is the approximate equivalent 
of 1,500 x86 servers, IBM said, 
with up to 85 percent less cost in 
energy and floor space than the 
commodity boxes. 

But that's not the only brag- 
ging point for the company, 
which says that the zlO is 50 
percent faster than its prede- 
cessor, the z9. The new main- 
frame can run workloads in 
Java, Linux, WebSphere and 
XML containers. 

As part of the System zlO 
launch, IBM released tools 
focused on helping developers 
and project managers more eas- 
ily manage their mainframes, 
and to help automate the devel- 
opment and deployment of 
mainframe applications. 

The System z modernization 
closely parallels the effort made 
by IBM to overhaul System i, 
which itself bore first fruit in late 
January. In both cases, noted 
Scott Searle, IBM RationaPs 
enterprise modernization mar- 
keting programs director, the 
goal was to move away from the 
WebSphere Development Stu- 
dio Client because customers 
were finding that platform to 
have limited third-party support. 

"These enterprise modern- 
ization products were running in 
place on WebSphere," Searle 




An IBM technician assembles a module for the company's new z10 main- 
frame, which IBM says has the equivalent power of 1,500 x86 servers. 



said. "We expect these things to 
grow in 2008. Historically, Ratio- 
nal hasn't focused on the System 
z customers, and we think there's 
great potential to take core 
Rational products to System z 
customers." 

Z TRAINING 

To assist developers in modern- 
izing their mainframes, IBM 
released five resources and 
training pieces as part of the zlO 
rollout. The first, System z for 
ISV, provides independent soft- 
ware vendors with training pro- 
grams and technical resources, 
such as System z seminars and 
the updated hardware through 
IBM's Virtual Loaner Program. 



The Destination z Web site 
is a new place for software 
developers to network and gen- 
erate new ideas for the System 
z platform. For the college 
crowd, the Academic Initiative 
for System z is a new program 
for helping colleges and univer- 
sities develop mainframe-cen- 
tered coursework. 

Other new resources for 
developers and users include the 
System z Sandbox, an area on 
the IBM developerWorks Web 
site where customers can try 
Rational-branded mainframe 
software before buying it, and 
three new System z Starter 
Packs — kits designed to help 
clients update their IT systems. I 



Ex-Microsoft Platform Guru Joins EMC 



BY JEFF FEINMAN 

Former Microsoft executive 
Paul Maritz has been appoint- 
ed president of EMC's cloud 
computing division. 

Under the deal, announced 
Feb. 22, EMC signed a defini- 
tive agreement to buy personal 
information management start- 
up Pi, which Maritz founded. 

Pi becomes a subsidiary of 
EMC and will continue to oper- 
ate in Seattle. It employs about 
100 engineers, though Pi has 
yet to launch a product. 

Maritz was a senior executive 
at Microsoft from 1986 to 2000, 
with his last position being vice 
president of platform strategy. 
He managed the development 
and marketing of products, in- 




cluding Windows 95, 
Windows 2000, Visu- 
al Studio and SQL 
Server. 

"I remember 
him as somebody 
that had a really 
good perspective on 
enter-prise require- 
ments," said Judith Maritz: Pi founder to lead 
Hurwitz, president cloud computing division. 
of the Hurwitz and 
Associates research and con- 
sulting firm. 

Cloud computing is a form of 
grid computing based on sys- 
tems requiring minimal adminis- 
tration. Its main advantages are 
said to be less-expensive infra- 
structure and operations costs, 
with the ability to share capacity 



among a large pool 
of users. 

EMC's newly 
formed Cloud Infra- 
structure and Ser- 
vices division con- 
sists of the Fortress 
SaaS infrastructure; 
the MozyEnterprise 
backup system for 
desktops, laptops 
and Microsoft Win- 
dows servers; and other "upcom- 
ing EMC cloud infrastructure sys- 
tems and software offerings under 
development," the company said. 
Hurwitz said that cloud 
computing is a good extension 
for EMC's offerings in storage, 
along with its backup services 
and storage virtualization. I 
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NEW PRODUCTS. 
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Microsoft Windows tool provider Developer Express has released a 
number of Microsoft Visual Studio 2008-compatible tools. Among 
them is the DXCore for Visual Studio IDE that helps developers build 
productivity plug-ins. Other tools in this batch include CodeRush, 
which builds code templates, and the Refactor code refactoring tool 
. . . TotalView Technologies, a specialist in debugging and analysis 
software, has released the Workbench Manger application, which 
allows programmers to create a cohesive view of the debugging work- 
flow process. With Workbench Manager, users can manage and launch 
any version of the TotalView Debugger or the MemoryScape memory 
debugger, along with any third-party application for debugging, in a 
single graphical user interface, according to the company . . . Bridge- 
line Software, a provider of Web application management software, 
has released iAPPS Analytics, which the company said provides inte- 
gration within all levels of a Web application. iAPPS Analytics increas- 
es speed and productivity through dynamic segmentation and auto 
page tagging, according to the company, and is the second of four 
planned software-as-a-service products Bridgeline is releasing for the 
iAPPS content management and analytics framework. 



, UPDATES , 



The Apache Software Foundation has made Apache Synapse an inde- 
pendent project, joining Apache's 57 other top-level projects. Synapse, 
now at version 1.1.1, is an open-source enterprise service bus that 
allows organizations to build SOAs and integrate Web services . . . The 
Linux Foundation has updated its Linux compatibility document, 
known as the Linux Standards Base, to version 3.2. The Linux Stan- 
dards Base is a set of compliance requirements against which most 
major Linux distributions have already been validated. Those distribu- 
tions will have to update their printing capabilities and align libraries 
and drivers for Perl and Python . . . PureCM Software, a software con- 
figuration management provider, has released PureCM 2007/4. The 
new version of PureCM presents relations between parallel streams in 
a secure way to improve the handling of changes, company executives 
said. PureCM now tracks file-type changes and automatically manages 
changes to streams . . . SDDS (Software development and deployment 
as a service) supplier Bungee Labs has brought its Bungee Connect 
Web application development and hosting platform to public beta. 
SDDS focuses on passing on administrative and configuration tasks to 
the service provider . . . LDRA, a provider of software verification and 
source code analysis tools, has released TBreq 2.0, its embedded 
software verification tool. TBreq 2.0 offers automated unit testing as 
well as automates requirements coverage for code reviews and defect 
report generation, the company said. TBreq can now link to Telelogic 
DOORS and Microsoft Word documents . . . Jcx.Software, a maker of 
PHP development tools, has released VS.Php 2.4 for Microsoft Visu- 
al Studio 2008, a PHP IDE that is based on Visual Studio. Included is 
support for the XDebug and DBG debugging engines and a Web site 
copy feature that permits users to drag and drop files from the server 
to the client. 



PEOPLE 



MULLINS 



Robert Mullins joins SD Times as a senior editor based in 
Silicon Valley, covering Java and other open-source soft- 
ware development news and events. Mullins has reported 
on the technology industry full time for more than seven 
years, most recently with Network World and the IDG 
News Service. He also spent five years as a reporter at the 
Silicon Valley/San Jose Business Journal, and lives in Santa Clara, 
Calif. . . . Al Berkeley has been named XBRL's chairman of the board. 
XBRL is the United States' consortium for XML business reporting 
standards. Berkeley currently serves as chairman of Pipeline Financial 
Systems and was president and vice chair of the NASDAQ Stock Mar- 
ket .. . Russell Harris has been promoted to president and CEO of 
MontaVista Software, a company that offers embedded Linux software 
and tools. Harris previously served as executive vice president of 
worldwide field operations for the company; before that, he was with 
BlueStar Solutions, Documentum and EDS. I 
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Active Endpoints Takes Visual Orchestration Public 



BY DAVID WORTHINGTON 

Active Endpoints believes that 
it has cracked the code to bring- 
ing Web services into mass 
deployment for line-of-business 
applications. Like Soylent 
Green, but in a good way, the 



secret to the cipher: people. 

The centerpiece of Ac- 
tive VOS is a visual service or- 
chestration development en- 
vironment that recognizes and 
works with human-focused 
tasks. It works with debugging, 



deployment and testing facili- 
ties to help project teams de- 
sign and maintain composite 
applications. 

Active VOS 5 became gener- 
ally available on March 5. Prior 
to that release, only Active 



Endpoint's OEM customers 
had access to the service or- 
chestration tools. 

To enable visual workflow 
creation, Active Endpoints 
chose to implement the nascent 
BPEL4People specification 



industry's broadest and most complete 
studio suite with five studios in one 




Studio for WPF 



CI WPFCarousel displays grid items along a predetermined path, zooming in and out 

of a focal point to emphasize individual records. 

CI WPFChart allows developers to use common chart types and the enhanced visual 

capabilities of WPF such as vector graphics, hardware acceleration, 3D rendering and 

animation. 

CI WPFGrid includes a rich set of WPF grid views such as Excel-like splits, 

freezable columns, Ul-based source item filtering, unbound columns, 
and automatic hierarchical data representation. 

C1 WPFScheduler represents the industry's first fully functional scheduling tool for WPF 








Component One* 



W Studio Enterprise" 2008 



Fof more information about Studio Enterprise and other ComponentOne products, visit: 
www.cornponentone.com I 1 .800.858.2739 
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and the complementary WS- 
Human Task, explained Chris 
Keller, vice president of prod- 
uct development. 

BPEL is a Web service- 
based business process model- 
ing language that orchestrates 
interactions among different 
services. BPEL4People is a 
BPEL extension that addresses 
human interactions, and WS- 
Human Task provides the defi- 
nition of human tasks. 

"Many vendors have propri- 
etary [workflow] engines," said 
Sandra Rogers, IDC's program 
director for SO A, Web Services 
and integration. "They [Active 
Endpoints] are presenting a 
standards-based environment 
that does not have infrastruc- 
ture dependencies." 

Its other workflow features 
include the ability to create log- 
ical groups of people to protect 
applications from role changes, 
and a "task inbox" for end users 
to access process works in- 
progress. 

Rogers observed that the 
Active VOS service orchestration 
interface follows the same 
metaphor as other BPM tooling 
and orchestration solutions. 
However, she noted that its 
packaging of life-cycle elements 
was "interesting." She observed, 
"The developer can deal with 
what they need to without swap- 
ping back and forth into other 
systems." 

BEYOND THE WORKFLOW 

Testing is another one of its 
functions, and Active VOS can 
simulate orchestrations in off- 
line unit tests. 

BUnit (BPEL unit) tests are 
created by recording simula- 
tions in the Active VOS designer 
and can be combined into col- 
lections of simulations to build 
test suites. The BUnit function 
can insert sample data into ap- 
plications. 

The same process is used to 
debug production orchestra- 
tions, and remote debugging 
provides the ability to alter or 
inspect message input and out- 
put, change endpoint refer- 
ences, and people assignments 
in the application. 

When orchestrations are 
ready for production, an Eclipse 
plug-in collects all the resources 
required to manage them, and 
creates a folder structure for 
artifacts such as schema and 
WSDL files. Those can be used 
during offline tests. I 
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JBI 2.0 Tackles Complexity 



No longer mistaken for an ESB, spec may take on interceptors 

will be reworked is how the sys- 
tem deals with non-XML data. 



BY ALEX HANDY 

When the original Java Business 
Integration 1.0 was released, 
some developers mistook it for 
an enterprise services bus. Now, 
the specification leads of JBI 2.0 
are working on ways to better 
integrate Web services in a Java 
world, and hoping that this time 
developers get the right impres- 
sion of what the software can do. 

Peter Walker and Ron Ten- 
Hove, co-specification leads on 
JSR 312 — the expert group 
behind JBI — and engineers at 
Sun Microsystems, hope to 
invert their development and 
creation process for JBI 2.0: 
Though version 1.0 began with a 
specification and ended with a 
reference implementation, they 
hope version 2.0 will reverse it. 

This time, the engineers are 
also aware of the mistakes made 
with the presentation of JBI 1.0 
in 2005 by what was the JSR 208 
expert group. "When we first 
released the specification," said 
Walker, "we knew in our own 
minds it was positioned as a sort 
of augmentation to existing 
enterprise infrastructure. But a 
lot of people took it to be a spec- 
ification for ESBs. That set us off 
a little bit on the wrong track. If 
I was writing an ESB, I'd use 
JSB as its heart, but its technolo- 
gy that really just deals with a 
model of mediated message 
exchange. When we introduced 
it, a lot of people were looking 
for an API, and there really isn't 
one in JBI because it's a middle- 
ware specification." 

BEYOND SIMPLICITY 

Ten-Hove said that JBI 1.0 was 
as much about what was miss- 
ing as what was there. This time 
around, many of the ideas they 
initially ignored in favor of sim- 
plicity may be addressed. 

"One [idea] we left out for 
simplicity was interceptors: the 
notion of having some sort of 
pluggable piece that can inter- 
cept message exchanges," said 
Ten-Hove. "They can be used 
as debugging aids, or to build 
certain kinds of application 
enhancements like retry logic." 

Now that JBI is more gener- 
ally understood and supported 
in open-source projects such as 
Apache Service Mix, Ten-Hove 
and Walker think that the time 
is right to bring interceptors 
into JBI 2.0. 

Another aspect of JBI that 



JBI had been able to handle such 
data, but only in a generalized 
way. The spec may call for more 



specific methods of handling 
non-XML data, said Walker. 

JBI will also likely see its first 
API in version 2.0, as well. 

JBI 2.0 is slated to be com- 



pleted in the second quarter. 
"At the moment, we're looking 
at the scope and seeing exactly 
how much we can bite off," 
said Walker. I 
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Mashup Madness a Slam Dunk? 

Strikelron contest engages NCAA tourney 



BY JEFF FEINMAN 

As college basketball teams bat- 
tle it out on the hardwood this 
month, data consumption and 
distribution company Strikelron 
has gotten into the hoop-la with 
a contest to see who can create 
the most innovative widget or 
mashup involving the NCAA's 
men's basketball tournament. 

The Mashup Madness com- 
petition is under way, and it 
leverages the Sports Network 
NCAA Web service, an API that 
provides real-time NCAA tour- 
nament and regular-season bas- 
ketball data. According to 
Strikelron, the service can bring 
in scores with a 60-second delay 
and give updated information 



on player statistics, standings, 
injuries and betting odds. 

"The data is delivered in an 
XML format that can integrate 
into widgets, gadgets, Web appli- 
cations and enterprise mashups," 
said Robin Griffin, Strikelron's 
vice president of marketing. 
"Strikelron services can be easily 
integrated with all major mashup 
platforms, as well as directly into 
any application or Web site." 

Griffin said that ad-generat- 
ed widgets could be made for 
teams, the Web service could be 
mashed up with Google Calen- 
dar to create a conference 
scheduler, or mobile alerts 
might be created for teams by 
combining the service with 



short-message service alerts. 

Griffin said that there have 
been several entries, but the 
contest is expected to pick up 
after the code has been devel- 
oped and the mashups tested. 

The competition will run 
until March 31, and winners will 
be announced April 7. The 
championship game will be on 
the same date in San Antonio. 
Executives of The Sports Net- 
work, Strikelron, and Program- 
mable Web will judge the sub- 
missions, and the winners will 
receive prizes that include a 42- 
inch flat-screen high-definition 
TV and an Apple iTouch. Visit 
www.strikeiron.com/hoops for 
more information. I 



Automation Server Aims 
To Fill Gap in Life Cycle 

Software addresses generic processes 



BY JEFF FEINMAN 

Automation Server is designed 
to work with processes that do 
not fit well into software devel- 
opment life-cycle stages. 

The server, which Urban- 
code rolled out March 3, uses 
technology similar to the com- 
pany's AnthillPro continuous 
integration build and depen- 
dency management software. 
In fact, Urbancode president 
Maciej Zawadzki called the 
Automation Server a stripped- 
down version of AnthillPro. 

The new server, which car- 
ries out processes with distrib- 
uted agents to provide automa- 
tion, has a Web interface that 
doesn't require XML file editing 
or scripting, the company said. 

The interface provides a 
drill-down view of steps and log 
files, while a Web services API 
offers a flexible execution of 
processes. 

"It's not directed at solving 



problems 
processes, 
automate 



within 
but it is 



specific 
able to 



processes, 
"There are 



more generic 
Zawadzki said, 
certain processes 
that don't fall into categories 
that AnthillPro really covers: 
continuous integration, build 
and dependency management, 
deployment automation, test 
orchestration and release man- 
agement. 

"AnthillPro can do some of 
those things, like restarting a 
service, but that's not what it 
was designed to do. You can use 
pliers as a hammer, but it's not 
going to be pretty." 

Other features in Urban- 
code's Automation Server 
include a pre-installed catalog 
of steps to automate file trans- 
fer and report generation, the 
ability to customize steps, and 
customizable schemes to notify 
individual users on the success 
of procedures. I 
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TIBCO Invites Developers to Hop on the Bus 



BY DAVID WORTHINGTON 

TIBCO Software has expanded 
its vision of a unified application 
infrastructure by adapting to het- 
erogeneous SOA environments 
and including a standalone en- 
terprise service bus (ESB). 



A second wave of Active Ma- Component Architecture (SCA) 



trix products — a major compo- 
nent of that vision, called TIB- 
CO ONE— shipped Feb. 11. 
Active Matrix 2 adds integration 
capabilities through the new 
ESB and adheres to Service 



standards to improve interoper- 
ability within enterprise-wide 
SOA deployments. 

TIBCO ONEs guiding prin- 
ciple is to deliver a unified plat- 
form for enterprises to build ap- 



plications based on its BPM, 
event-driven architecture and 
SOA technologies, TIBCO said. 
Active Matrix uses a contain- 
er approach to develop, deploy 
and govern services on the 
TIBCO platform; containers are 
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configurable and centrally man- 
aged, permitting incompatible 
technologies to be grouped as 
composite applications, the 
company said. 

To help enterprises stitch 
together disparate technologies, 
the ESB, called Active Matrix 
Service Bus, joins the Active- 
Matrix platform as a light- 
weight, standalone alternative 
to ActiveMatrix BusinessWorks. 
The ESB was derived from 
BusinessWorks as a low-cost 
solution for service mediation 
and for those that want to "start 
small" without requiring orches- 
tration, said Rob Meyer, Active- 
Matrix product manager. 

TIBCO s Eclipse-based Busi- 
ness Studio modeling environ- 
ment is used for service media- 
tion creation and debugging. 

Yet, integration is not the 
ESB s sole function; the Active- 
Matrix Service Bus also works as 
a governance bus. The ESB is a 
central place for an enterprise 
to govern how SOA services be- 
have across departments. 

ActiveMatrix has a common 
set of tools for assembling, 
deploying, hosting and manag- 
ing ActiveMatrix Service Bus 
mediations, Java, and .NET ser- 
vices together as SCA-based 
composite applications. A Web- 
based management console 
reports a service's performance 
and shows its dependencies. 

Moreover, ActiveMatrix 
BusinessWorks now runs in 
either standalone mode or as a 
container hosted by ActiveMa- 
trix Policy Manager — TIBCO's 
common runtime container. 

The advantage of running 
BusinessWorks within a Policy 
Manager container is that the 
ActiveMatrix platform can com- 
pose services out of disparate 
technologies, such as .NET and 
Java EE, Meyer said. 

"Vendors have committed to 
managing one developer plat- 
form," Meyer said. "For 
Microsoft, that's .NET For 
IBM, Oracle and, to a lesser 
extent, BE A, it's Java EE. They 
don't manage them all together. 
ActiveMatrix is designed to pro- 
vide a unified architecture, a 
unified runtime for these dif- 
ferent technologies." 

All of the ActiveMatrix 2.0 
products may be purchased 
individually or as packages — a 
starter kit, integration bundle 
and composite application bun- 
dle — targeting different phases 
of the SOA life cycle. I 
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Dojo Seeks Accessible DHTML Future 



BY ALEX HANDY 

The Dojo Foundation is trying 
to kill an old wives' tale about 
JavaScript: Accessibility and 
functionality are mutually ex- 
clusive. 

This month, the foundation 
is scheduled to release version 
1.1 of its toolkit, which will 
include new 2D animation sup- 
port, the ability to work with 
the Python-based Django Web 
framework and the fruits of a 
lengthy and complex move to 
support the W3C s new Acces- 
sible Rich Internet Applications 
(ARIA) specification. 

ARIA began life as the 
Dynamic HTML (DHTML) 
accessibility spec inside the 
W3C. Now, as the specification 
heads toward a final draft, the 
foundation is preparing to reap 
the rewards of its participation in 
the project. 

Alex Russell, the project 
lead for the Dojo Foundation, 
said that the toolkit has acted as 
the vanguard for the ARIA 
standard. 

"The story has always been 
that you can't do accessible 
DHTML," Russell said. "Thanks 
to a grant from Mozilla and from 
IBM, and work from Toronto's 
Adaptive Technology Resource 
Center, we've been able to 
implement Dojo as a testbed of 
the ARIA spec. It works, and 
that's good for everyone." 

BIGGER FISH TO FRY 

The W3C and its myriad collab- 
orators have laid out an extensive 
roadmap for ARIA. Along with 
Dojo, many accessibility tools 
are being updated to conform to 
the new standard. Screen read- 
ers such as Jaws from Freedom 
Scientific and GW Micro's Win- 
dow-Eyes will include new 
hooks to handle ARIA-compliant 
browsers and sites. Mozilla Fire- 
fox is also getting some addition- 
al functionality out of the deal. 

The ARIA specification lays 
out some new guidelines for 
middleware as well. One calls 
for sites to support XML event 
descriptions. That would allow 
a blind user to hear a descrip- 
tion of what would happen 
when a certain interface ele- 
ment is triggered: An online 
store would explain that an 
order would be purchased and 
paid for if the mouse hovers 
over the "Buy" button. 

Russell is upbeat about the 
current state of browser com- 
patibility. 



"It's getting a lot better. I 
started doing DHTML in 2000. 
Back then, we literally had two 
separate [applications]: one for 
the Netscape world, and one 
for Internet Explorer world. In 
the meantime, things have got- 



ten a lot better. That means we 
and our users are pushing the 
edge to new places," he noted. 
As for JavaScript itself, Rus- 
sell has some simple advice for 
developers who are moving into 
the DHTML world for the first 



time. "The first practice is to 
respect a language. It's not a 
toy," Russell pointed out. "It's a 
powerful language. It's got clo- 
sure; it's got object orientation. 
It's not bad object orientation, 
but it is its own style. Beyond 



that, you need some skeleton, 
some backbone to help struc- 
ture the stuff." 

That structure is what the 
free Dojo toolkit was meant to 
provide. It can be found online 
at www.dojotoolkit.org. I 
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Business Objects Adds Text Analysis to Bl Platform 



BY JEFF FEINMAN 

Business Objects has updated 
its XI enterprise business intel- 
ligence platform with a focus on 
text analysis and interoperabili- 
ty with its other products. 



Version 3.0 is the SAP com- 
pany's first big release since its 
acquisition in October. Company 
executives said that BusinessOb- 
jects XI 3.0, released in mid- 



intelligence platform with inte- 
grated text analysis, allowing 
business intelligence to include 
customer opinions from unstruc- 
tured sources — including the 



"If you're searching for rev- 
enue, and if you want to look for 
revenue in 10 to 15 languages, 
we can easily do that, and it 
doesn't require you to do any 



February, is the only business Web, note fields and e-mails. extra query writing," said Franz 
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<V* 



►oltthons jbr %&o& CUcJIencies. 

Precision,Bl r a: provider of business and ciinfcal intelligence solutions for health care providers, had 
decided to move its COM-based analytical software to .NET and 3 Web-baaed version. In order to 
deliver the same look and feel in the product with which its customers have grown comfortable, 
Precision. Bl needed to create a consistent look and fee! across all its applications. 

Precision ,BI ("FBI") adopted Infrsgistics NetAdvantage for .NET to deliver data analysis software to its 
healthcare provider audience. FBI used the NetAdvantage AppStylist to design one consistent look 
and feel, and then branded all of their .NET and Web-based applications' fonts, colors and styles 
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(•ci>.fr.r\r.-} I r o l : r r 5 c r. I r. i > n r. innr 



Infragistics Sales 800 231 856* 
infragistics Europe Sales +44 (0) 800 298 9055 



ASRNET 
menus listbers 



WPF JSF 

trees tabs explorer bars 



editors b. more 



.<: I ihxft^jz.. Iiiir. AD i ijiin. -and tnfraiiin, H v hh:i> ii.ii 

Al oil n • Mm ll r. twrnpca: 



Aman, vice president of product 
marketing for Business Objects' 
business intelligence platform. 

XI (that's "x-eye") now has a 
Crystal Reports interface, 
which embeds Adobe Flash and 
Flex. "There's a lot more ability 
for customers to design inter- 
esting hybrids of applications 
and reports ... based on Flash 
and Flex," Aman said. 

Other enhancements to the 
platform include the ability to 
integrate with Business Objects' 
Web Intelligence query and 
reporting tool for SAP environ- 
ments, the Xcelsius data visual- 
ization tool, and new software 
called Polestar that combines 
search capabilities with business 
intelligence to answer business 
questions. 

ENHANCING SAP'S Bl 

The acquisition mixed Business 
Objects' Bl background with 
SAP's business software. Busi- 
ness Objects remains a separate 
unit, and Aman said that the 
company's goals remain the 
same. One of the main objec- 
tives of the XI 3.0 release was to 
make it easier for people to get 
at SAP data, which led to the 
Web Intelligence feature. XI 
3.0 also has refreshed the way it 
uses SAP metadata and inter- 
acts with SAP applications. 

Even prior to the acquisition, 
Business Objects has been trying 
to create stronger integrations 
among its own products and, 
according to analysts, whether 
the process continues will deter- 
mine the success of the acquisi- 
tion. Many of Business Objects' 
products already share metadata, 
but it is not easy to move a report 
developed in one tool to another, 
according to Boris Evelson, a 
principal analyst at Forrester 
Research. Evelson said, "Moving 
some of Business Objects' 
resources to SAP product inte- 
gration, or complicating its prod- 
uct strategy with layers of SAP 
decision-makers, will not make 
internal Business Objects prod- 
uct integration efforts any easier." 

Evelson also said that SAP 
had shortcomings on the busi- 
ness intelligence front, as it 
lacks an extract, transform and 
load tool, and connectivity to 
non-SAP sources and targets. 
The acquisition, he conceded, 
strengthens SAP's business in- 
telligence capabilities and helps 
users integrate outside data 
sources. I 
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SCO's Survival Hinges on Investor Firm 



Skepticism greets plan to rescue company from Chapter 11 by taking it private 

< continued from page 1 sion stating that it did not expect claimed that its predecessor had ship of the underlying intellec- 

co-founderoftheCarlyle Group. to be able to pay its legal bills. purchased Unix technology tual property. 

A week earlier, SCO had Much of that tab was presum- from Novell in 1995, when mul- Under the proposed agree- 

filed a grim 10K with the Secu- ably rung up in its so-far-unsuc- tiple courts have found that ment, the company will undergo 

rities and Exchange Commis- cessful court battles, which Novell cleverly retained owner- structural changes in its man- 
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agement. The memorandum of 
understanding between SNCP 
and SCO stipulates that contro- 
versial CEO Darl McBride must 
resign immediately "upon the 
effective date of the proposed 
plan of reorganization." Craig 
Bushman, SCO's vice president 
of marketing, confirmed the 
plans for McBride s departure. 

But SCO's claims of a life- 
saving deal might just be more 
hot air. Forrester Research 
senior analyst Jeffrey Ham- 
mond noted that although the 
financing was trumpeted as a 
$100 million deal, SCO has 
received only $5 million, and 
the remainder is merely a 
promise to ante up to $95 mil- 
lion in loans. 

"I'm assuming that the rev- 
enue stream from existing 
products makes the $5 million a 
pretty safe play in terms of 
recouping it from a support 
stream. I'm guessing the 
remainder of the deal will be 
spent very carefully," Ham- 
mond wrote in an e-mail. 

According to SCO, the busi- 
ness plan that SNCP is bringing 
to the table also includes devel- 
oping new product lines and 
continuing the company's legal 
claims to ownership of core 
Unix technology, which have 
suffered repeated rejections in 
state and federal courts. 

Hammond pointed out that 
the product side of the equation 
would be difficult and require 
strong product development. 

"They've trashed their brand 
image with developers, alienat- 
ed potential customers by suing 
large ex-customers, and they 
need to make a case why they 
offer a better solution than 
open-source offerings on the 
one hand and large established 
enterprise software vendors on 
the other," he observed. 

SCO's Bushman said that 
the company would begin to 
articulate its Unix product 
roadmap soon, but first it is 
soliciting feedback from its 
partners and resellers. SCO 
also is pushing ahead with new 
mobile initiatives, he added. 

Forrester's Hammond dec- 
lined to comment on the validi- 
ty of SCO's claims or its pend- 
ing dispositions, remarking, "I 
learned a long time ago in my 
legal studies class at Wharton 
that justice and law are orthog- 
onal to each other." I 
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AMD Open-Sources Performance Library 

Developers get access to software routine collection 



BY JEFF FEINMAN 

Looking to reach a broader base 
of developers, Advanced Micro 
Devices has made its Perfor- 
mance Library open source. 
Developers will gain access to a 
collection of software routines 
for application development on 
x86-class processors. 

AMD said Feb. 20 it will 
expand the library's functionality 
beyond core media capabilities. 
Customers had been asking for 
open source, said Margaret Lew- 
is, AMD's director of commercial 
solutions and software strategy. 

Framewave 1.0, which cov- 
ers arithmetical routines to 
image and signal processing, 
provides a quick method for 
development, AMD said. 

The framework's internal 
threading uses common models 
to exploit multicore and multi- 
processor systems. With thou- 
sands of routines for image and 
signal processing, the company 
said, Framewave can speed 
development of projects such as 
codecs and image editors. 

"Developers can use these 

FLEX, AIR KITS 
TAILORED FOR 
F0RCE.COM 

BY ALEX HANDY 

Adobe and Salesforce.com are 
releasing development tools for 
programmers that build appli- 
cations with Salesforce. corn's 
Force.com platform, the com- 
panies said last month. 

Adobe has made available 
versions of its Flex and AIR 
toolkits that are specifically tai- 
lored for building rich Internet 
applications that use 

Force.com hosted services on 
the back end. 

"Now Adobe AIR and Flex 
developers have access to the full 
platform-as-a-service Force.com 
provides, allowing the capabili- 
ties of rich Internet applica- 
tions — already demonstrated in 
the consumer Web — to be easily 
united with the enterprise bene- 
fits of cloud computing," Adam 
Gross, vice president of platform 
marketing at Salesforce.com, 
said in a statement. 

The Adobe toolkits for 
Force.com can be downloaded 
for free from developer 
.force.com. I 



libraries as an example of how 
we've been doing some opti- 
mization and multithreading 
capabilities in these routines," 



she said. "We also hope people 
will contribute some of their 
own routines to this library, and 
put [the contributions] out 



there so everyone can share it." 
Making Framewave open 
source also should ease applica- 
tion development, Lewis said. 



"Instead of a developer having to 
write his own C routine to do 
certain functions, he could call 
our routine; it's optimized. If the 
developer has an application that 
does a routine repeatedly, he can 
get performance benefit, 
because every time he calls that 
routine, it goes to this highly 
optimized coding." I 



Intellectuals solve problems. 
Geniuses prevent them. 



— Albert Einstein 
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.NET 3.5 Refresh Due Out This Summer 

Update includes a streamlined installer and WPF performance tweaks 



BY DAVID WORTHINGTON 

With .NET Framework 3.5 out the door, 
Microsoft is working to dispel the short- 
comings that some developers have 
found. 

An update slated for this summer will 
improve its installer, cold start-up times 
and the performance of WPF applica- 
tions, the company said. Scott Guthrie, 
corporate vice president in the Develop- 
er Division, laid out the specifics in a 
Feb. 19 blog posting. 

One lingering problem has been the 
framework's installer. Guthrie acknowl- 
edged that developers have been asking 
Microsoft for years to streamline the 
.NET Frameworks installation and set- 
up. Now, the company will respond by 
making it easier for developers to build 
optimized setup packages. Another 
attempt at streamlining comes in reduc- 
ing the payload of .NET Framework 3.5 
packages to a minimal set. 

For instance, if a user already has 
.NET Framework 2.0 installed on his 
machine, the setup will download and 
upgrade the bits necessary to update to 
.NET 3.5, and will not re-download any 
components already present, Guthrie 
explained. 

Billy Hollis, an author and Microsoft 



"regional director" — one of a number of 
volunteers recognized by Microsoft's 
Developer Platform evangelism group 
for technical expertise — said that 
streamlining the client install of the 
.NET Framework is helpful because it 
currently "takes too long for a casual 
installation." 

Hollis added that .NET Framework 
3.5 was quite large, at well over 100MB, 
because it includes all versions starting 
with 2.0. By comparison, the Java SE 6 
runtime environment for Windows is 
slightly over 15 MB. 

Chris Menegay, a principal consul- 
tant for Notion Solutions and another 
Microsoft regional director, noted that 
the .NET Framework is often orders of 
magnitude larger than the actual appli- 
cation being installed. And, if what 
Guthrie is saying holds true, install time 
will drop dramatically. 

The new setup framework will work 
with other installation frameworks, such 
as Macrovision's InstallShield, and will 
be more tightly coupled with Microsoft's 
ClickOnce and Windows Installer tools. 

SNAPPING TO IT 

After applications are installed, .NET's 
Common Language Runtime (CLR) 



dictates how well they will perform. 
Microsoft intends to optimize CLR data 
structures to reduce disk I/O operations 
and improve memory layout when load- 
ing and running applications. 

Guthrie predicted that with those 
changes, .NET 2.0, 3.0 and 3.5 applica- 
tions would realize a cold-start perfor- 
mance improvement of 25 to 40 percent, 
contingent on application size. Applica- 
tions will not require recoding or recom- 
pilation in Visual Studio to take advan- 
tage of the potential performance 
improvements. 

Windows Presentation Foundation 
(WPF) will also get a face-lift. A service 
update to WCF will optimize the perfor- 
mance of its text, graphics, media and 
data stack (see box above). 

The APIs will remain unchanged — 
again, no code changes will be necessary, 
Guthrie said. A new WriteableBitmap 
API is being added to enable real-time 
bitmap updates from a software surface. 

Microsoft will release new controls 
for WPF later this year at an unspecified 
date. Those include Calendar/DatePick- 
er, DataGrid and Ribbon controls. 

"The improvements to the WPF con- 
trol set are pretty significant," Hollis 
said. "I personally don't use data grids 



.NET IMPROVEMENTS 



• Container recycling and data visu- 
alization support will be reworked 
to enhance data scalability. 

• DropShadow and Blur bitmap 
effects are being moved from 
software to hardware rendering. 

• Faster text performance has 
been sought in Visual and 
DrawingBrush scenarios. 

• Various media and video perfor- 
mance tweaks are in the works. 

• Application start-up times will 
be shortened by reducing I/O and 
optimizing memory use. 

much in user interface design, but I 
know of others who have avoided WPF, 
primarily because it lacks a built-in data 
grid. It's also hard to build a complex 
business application on WPF without 
date controls, as I found out when I 
began building them last year." 

A service update to Visual Studio 
2008 is expected to enhance its WPF 
designer. This will include event tab 
support within the property grid for con- 
trol events, toolbox support within 
source mode, and other miscellaneous 
features customers have requested, 
according to Guthrie. Visual Studio 2008 
and the .NET 3.5 Framework became 
generally available in November. I 
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Putting the Semantic Web in Motion 

TopQuadrant releases visual scripting language for integrating data 



BY JEFF FEINMAN 

The first visual scripting lan- 
guage for the semantic Web is 
out. That's according to Top- 



Quadrant, which has released 
SPARQLMotion. 

SPARQLMotion, released 
March 3, allows people without 



programming skills to create 
semantic Web applications. It 
can integrate data sources, run 
queries on combined data and 



create information mashups and 
reports, company executives 
said. It is used for semantic data 
processing, and end users can 
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create simple steps to form 
"complex processing pipelines." 

SPARQLMotion can import 
data from databases, e-mails, 
HTML and XML documents, 
RSS feeds, and plain text files, 
and then merge and filter the 
data, according to the company. 
The software is also able to apply 
semantic rules on data and run 
text processing and data conver- 
sion steps. SPARQLMotion can 
then export the new data into 
other files, or the data could be 
written into a database. 

Holger Knublauch, vice pres- 
ident of product development at 
TopQuadrant, described a visual 
scripting language as being simi- 
lar to model-driven develop- 
ment, since users work with a set 
of predefined modules, instead 
of writing code in a text editor. 
Those modules are arranged on 
a graphical editor, and an execu- 
tion engine traverses the graph 
and executes a certain Java class 
for each of the modules, he said. 
The script is represented in 
RDF (Resource Description 
Framework) and OWL (Web 
Ontology Language), with no 
other languages required. 

The target audience for 
SPARQLMotion is database 
administrators or people who 
have worked with similar data 
formats; for example, people 
who have some skills in XML. 
Knublauch said that SPARQL 
is comparable to SQL, so some- 
one with knowledge of SQL 
would be able to use the soft- 
ware with some training. 

"SPARQLMotion is opti- 
mized for semantic Web data, 
and its language is defined in 
RDF. We believe that the main 
advantage of this is that, simply, 
RDF is a much better language 
for bringing data together from 
multiple sources than XML or 
other traditional languages," 
claimed Knublauch. 

SPARQLMotion can work 
with TopBraid Composer Mae- 
stro Edition, TopQuadrant s 
ontology modeling tool, and 
TopBraid Live, the company's 
semantic application deploy- 
ment platform. 

Knublauch said that semantic 
Web technologies haven't been 
adopted in the mainstream 
enterprise because the proper 
tools haven't been developed, 
hindering companies from offer- 
ing Semantic Web software. I 
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EU Levies Record SOB Fine as Microsoft ... 



< continued from page 1 

said. "If the EC and EU are so interested 
in relief for supposedly downtrodden 
users, where are all of the millions they 
want to collect from Microsoft going? 
Let the punishment fit the crime. They 
are being spiteful." 

The court had ordered the company 
to supply its competitors with the inter- 
operability information, but now says 
that the royalty rates Microsoft charged 
were unjustifiably high. The initial rates 
Microsoft demanded were 3.87 percent 
of a licensees product revenues for a 
patent license and 2.98 percent for ac- 
cess to interoperability information. 

Last May, those rates were lowered 
to 0.7 percent and 0.5 percent, respec- 
tively, for European customers; world- 
wide rates remained unchanged. 
Microsoft later made interoperability 
information available for a flat fee on 
Oct. 22, and began publishing some of it 
outright last month. 

"Microsoft was the first company in 
50 years of EU competition policy that 
the Commission has had to fine for fail- 
ure to comply with an antitrust deci- 




sion," said European Competition Com- 
missioner Neelie Kroes in a prepared 
statement. "I hope that todays [Feb. 27] 
decision closes a dark chapter in 
Microsoft's record of non-compliance 
with the Commission's March 2004 deci- 
sion and that the principles confirmed 
by the Court of First Instance ruling of 
September 2007 will govern Microsoft's 
future conduct." 

In what could be perceived as a last- 



minute bid for clemency, Microsoft 
announced a major interoperability ini- 
tiative in February. It declared that it 
would publish the documentation for 
the APIs of its high-volume products, 
including Exchange Server 2007, Office 

2007, Office SharePoint Server 2007, 
SQL Server 2008, Windows Server 

2008, Windows Vista (including the 
.NET Framework) and all future edi- 
tions of those products. 



The official launch event for three of 
those products — SQL Server 2008, 
Visual Studio 2008 and Windows Server 
2008 — was held last month. Windows 
Server and Visual Studio were already 
available through MSDN; SQL Server 
will not be generally available until later 
this year. 

Access to the interoperability infor- 
mation is free, but implementing the 
protocols is another matter, since they 
remain Microsoft's intellectual property. 
Microsoft also said that it will now grant 
licenses to all relevant patents at "fair" 
and "non-discriminatory" rates. 

A Microsoft spokesperson said that 
the company was reviewing the Euro- 
pean Commission's actions and main- 
tained that it was in full compliance with 
the 2004 issues, adding that the fines are 
about past issues that it believes have 
been resolved. 

"As we demonstrated last week with 
our new interoperability principles and 
specific actions to increase the openness 
of our products, we are trying to focus 
on steps that will improve things for the 
future," the spokesperson added. I 



... Agrees to Publish API, Windows Documents 



< continued from page 1 

more than 30,000 pages of documentation 
for its Windows client and server proto- 
cols onto the Microsoft Developer Net- 
work Web site. 

The company said that protocol doc- 
umentation for additional products, 
including Office 2007, would be pub- 
lished in the coming months. 

Access to information about the net- 
working protocols was previously 
restricted by a trade secret license 
under one of two schemes: the 
Microsoft Work Group Server Protocol 
Program and the Microsoft Communi- 
cation Protocol Program. 

Microsoft was forced to make the 
protocol documentation available to 
competitors under these schemes after 
the European Union's Court of First 
Instances ruled in September 2007 
against Microsoft's appeal of the 2004 
decision by the European 
Commission that found 
the company guilty of 
anticompetitive behavior. 

In January, an 
emboldened European 
Commission decided to 
initiate two antitrust 
investigations against 
Microsoft, brought on by 
complaints from the 
European Committee for 
Interoperable Systems, a 
coalition of Microsoft 
rivals, and Opera Soft- 




CEO Ballmer touts 'significant 
expansion' in interoperability. 



ware, a browser maker. The complaints 
accused Microsoft of infringements of 
the rules on abuse of a dominant market 
position, as set forth in Article 82 of the 
Treaty establishing the European Com- 
munity, originally Article 86 of the 1957 
Treaty of Rome. 

Last month, the Commission issued a 
statement acknowledging Microsoft's 
intention to promote interoperability in 
its high-volume products, but pointed 
out that the company's announcement 
was unrelated to the question of 
whether the company has been comply- 
ing with EU antitrust rules in interoper- 
ability in the past, or whether it was just 
paying lip service to interoperability. 

"The Commission," read the state- 
ment, "would welcome any move toward 
genuine interoperability. Nonetheless, 
the Commission notes that [the] an- 
nouncement follows at least four similar 
statements by Microsoft 
in the past on the impor- 
tance of interoperabili- 
ty." The statement also 
made clear that its inves- 
tigations would continue 
regardless of Microsoft's 
announcement. 

"These steps repre- 
sent an important step 
and significant change in 
how we share informa- 
tion about our products 
and technologies," said 
Microsoft CEO Steve 



Ballmer in a prepared statement. "For 
the past 33 years, we have shared a lot of 
information with hundreds of thousands 
of partners around the world and helped 
build the industry, but today's announce- 
ment represents a significant expansion 
toward even greater transparency. Our 
goal is to promote greater interoperabili- 
ty, opportunity and choice for customers 
and developers throughout the industry 
by making our products more open and 
by sharing even more information about 
our technologies." 

Over the years, Microsoft accumulated 
vast portfolios of patents in gaining its 
dominant market position. The company 
said it will indicate on its Web site which 
protocols are subject to Microsoft patents, 
and will license those patents "on reason- 
able and non-discriminatory terms." 

The company has extended an olive 
branch, in the form of a covenant not 
to sue, to open-source developers that 
distribute non-commercial software 
based upon Microsoft protocols. Com- 
panies that distribute software for prof- 
it will be required to obtain a patent 
license from Microsoft, but enterprises 
using those solutions will not require 
such a license. 

Another step Microsoft announced by 
way of adhering to the interoperability 
principles is documenting how the com- 
pany supports industry standards, and 
working with other implementers of a 
particular standard to ensure that imple- 
mentations are consistent across products. 



INTEROPERABILITY 
PRODUCT ROSTER 



• Exchange Server 2007 

• Office 2007 

• Office SharePoint Server 2007 

• SQL Server 2008 

• Windows Server 2008 

• Windows Vista 

(including the .NET Framework) 

In a bid for transparency, Microsoft 
will stipulate when it has extended stan- 
dards with proprietary extensions. The 
company pledged to provide supporting 
documentation for the extensions. 

Microsoft will also launch an Open 
Source Interoperability Initiative, a pro- 
gram that will promote greater interop- 
erability between community-built and 
proprietary software products. 

The company will make a similar effort 
to address data exchange between widely 
used document formats and intends to 
design APIs for Office 2007 client applica- 
tions, to enable developers to plug in addi- 
tional document formats and to set those 
formats as the defaults for documents. 

In a separate statement, Microsoft 
chief software architect Ray Ozzie said 
Microsoft knows that developers want it 
to deliver software and services that can 
be integrated with other solutions. I 
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ISO Meeting to Decide OOXML's Fate 



BY DAVID WORTHINGTON 

In a meeting that will influence the 
adoption of OOXML and future devel- 
opment of Microsoft Office, national 
standards bodies convened in Geneva 
last month. They hoped to reach con- 
sensus on what modifications should be 
made to the Office Open XML 
(OOXML) specification before it is 
resubmitted to ISO for another vote. 

The company began lobbying in late 
2005 to have its XML-based document 
formats approved as ISO standards. 
Though Ecma International passed 
OOXML virtually without comment, the 
response from ISO participants has been 
lukewarm. In September, Microsoft failed 
to attract support from enough ISO mem- 
ber nations to permit the fast-track 
approval of OOXML as an ISO standard. 

Since then, Microsoft has pushed 
interoperability, taking steps to placate 
dissenting members, including making 
documentation about its binary Office 
formats more accessible to developers. 

Ecma International will play a promi- 
nent role in the ISO meeting. Its Tech- 
nical Committee 45, the group steering 
Open XML through ISO, was tasked 
with addressing comments made by ISO 
members that took part in reviewing the 



specification and will revise OOXML 
based on the feedback. 

ISO will vote on OOXML again this 
month if the Geneva meeting produces 
a consensus on changes. 

The topic of format change is often a 
buzz-kill in document archiving circles. 
Microsoft has acknowledged that 
OOXML will evolve, and that evolution 
may require the company to modify the 
Office formats again. 

Burton Group research director and 
vice president Guy Creese said enterpris- 
es must decide whether to wait for the 
OOXML standard to mature or to imple- 
ment it now. But he said they could begin 
using it today to gain the benefits of using 
an XML format over binary. 

Perhaps foremost of those benefits, 
according to analyst Michael Cherry 
with research firm Directions on 
Microsoft, is that XML has a more easi- 
ly parsed format and is more readable. 

"This is similar," Creese wrote in an e- 
mail, "to asking, 'Should I use [Open 
Document Format] now, or wait for 
ODF 1.2?' Its always a judgment call, but 
waiting for significant maturity means not 
being able to take advantage of the stan- 
dard in the meantime, and we think the 
XML file format standards (whether 



ODF or OOXML) offer significant bene- 
fits over the binary file formats." 

Jean Paoli, general manager of inter- 
operability and XML architecture at 
Microsoft, admitted that even the com- 
pany would be in the dark as to the final 
contents specification, until the entire 
ISO process is completed. Microsoft is 
committed to making changes to the 
Office family over time to reflect 
changes in the OOXML format, he said. 

IDC vice president Melissa Webster 
said enterprise buyers are motivated by 
the need to support legacy file formats — 
not by the strengths or weaknesses of the 
underlying document format. 

"Customers today are buying Office 
2007 the product suite— not OOXML the 
format," she explained in an e-mail. 
"There's a high level of trust that 
Microsoft will ensure backward compati- 
bility for legacy docs. I would be surprised 
if Microsoft backed off that promise." 

Paoli said that hundreds of ISVs have 
implemented OOXML, including Intel 
and Novell, adding that this acceptance 
demonstrates that the specification is 
manageable and widely supported. 

He also asserted that OOXML has 
cross-platform appeal, citing the work of 
Linux vendors, including Novell, toward 



enabling document interoperability 
between OOXML and Open Document 
Format as an example. 

That said, Microsoft is still working 
toward internal interoperability. Win- 
dows-based users with Office 2000, XP 
and 2003 got a stable set of conversion 
tools in November. Even after repeated 
delays, Microsoft has yet to deliver an 
Office Open XML file format converter 
for Mac Office 2004. In a Feb. 21 blog 
entry, the Mac Business Unit revealed 
that the converter's release had been 
delayed to allow conpletion of updates to 
Office 2008, which shipped in January. 

CALL FOR BINARY INFO 

Some ISO members asked Microsoft to 
take steps to make it easier to obtain 
information about the Office binaries 
over the Web, prompting the company to 
respond by adding the binary formats for 
Office Excel, PowerPoint and Word to its 
Open Specification Promise (OSP) on 
Feb. 15. It is also issuing patent rights 
and sponsoring tools that are designed to 
ensure that the formats are legally benign 
and highly interoperable with OOXML. 

OSP, says Microsoft, is an irrevocable 
promise not to sue developers for using 
Microsoft patents while they are imple- 
menting a covered specification. Devel- 
opers can create mappings between the 
binary formats and OOXML to translate 
documents written in either scheme. I 




Welcome to the next generation 

Doc-lb-Help 2008 is packed! with the features you need to single-source your 
Microsoft Word or HTML. Content la punt, online Hetp, and Web COntent-Tlil$ 
release combines efficient new authoring features with fantastic end- user features. 



y New intuitive Office 2007 
Style Interface: 
Makes features and settings 
easy to find and use 




;rr j - 



j XHTML Output is completely standards-compliant 

y Related Topics Editor provides a new ability to drag 
and drop [frits and form relationships 

j Flash Movies tat i be Inserted into your Word source 
i Jo- nmenfr, 

J Style Sheet Editor allows you to manage styEes fr> an 
9fii«?2Q0? style and intuitive interface 

^ Collapsing sections give you yet another feature for 
our industry fading outputs 



Component One 8 

Doc 



Fcx more infbimc'tion. on DoctDHe'p "-/sit. 
www.docto he I p.com 




Instantly Search Terabytes of Text 




1 instantly Search 
Terabytes ofjext 




Contact dtSearch for 
fully-functional evaluations 



dozens of indexed, unindexed, fielded 
data and fufl-text search options 
(including Unicode support for hundreds 
of international languages) 

♦ file parsers / converters for 

hit- high lighted display of all popular 
file types 

♦ Spider supports static and dynamic web 
data; highlights hits while displaying 
links , formatting and images intact 

♦ API supports .NET, C++, Java, databases, 
etc New .NET Spider API 



The Smart Choice for 
Text Retrieval* since 1991 



♦ "Bottom line: dtSearch manages a 
terabyte of text in a single index 
and returns results m less than a 
second" - infoWohd 

♦ "For combing through large 
amounts of data" dtSearch "leads 
the market" - Network Computing 

♦ dtSearch "covers all data sources ... 
powerful Web-based engines" 

- eWEEK 

♦ dtSearch "searches at blazing 
speeds" - Computer Reseller News 
Test Center 

See www.dtsearch,com for hundreds 
more reviews, and hundreds of 
developer case studies 



00-IT-FINDS • www.dtsearch.com 



Software Tfesj 
& Performaii 

CONFERE 





April 15-17, 2008 
San Mateo Marriott 
San Mateo, CA 




I 



T«S 



*0% 



esr«* c 



HIXB»TS 



try Out*ei> 



TERRIFIC TOPICS! 

Improving Web Application Performance 

Optimizing the Software Quality Process 

Developing Quality Metrics 

Rapid Business-Driven Testing 

Charting Performance Results 

AND OVER 70 MORE TO CHOOSE FROM! 



A BZ Media Event — 

www.stpcon.com 



SUPERB SPEAKERS! 

Michael Bolton • JeffFeldstein 
Michael Hacked; * Jeff Johnson 

Bj Rollison * Rob Sabourin 

Mary Sweeney ■ Robert Walsh 

AND DOZENS MORE! 



Register by March 28 to Get The 
Early-Bird Rate and SAVE $200! 





NMRin Sponsors 



emptnx **>' infoTe<h 



RTTS 



Logi Gear Q Mu Security 



Siller Sponsor 

$1 CODENOMICON 



v e n r 



24 



NEWS 



Software Development Times . March 15, 2008 



www.sdtimes.com 



Sun Acquisition Could Speed MySQL Roadmap 



< continued from page 1 

and oversees Sun's Java and en- 
terprise software development. 
One possible reason for the 
quick absorption by Sun is the 
distributed nature of the 
MySQL team. More than half 



of its members work from 
home, and the former company 
had few offices. 

Similarly, Sun prides itself 
on having a flexible work-from- 
home policy, and has for years 
implemented hotel-style desk 



assignments on some of its 
campuses. Some Sun employ- 
ees may change desks from one 
day to the next, using smart 
cards to log into the network 
via terminals. 

According to Mickos, com- 



pleting the acquisition will allow 
the MySQL development team 
to move more quickly toward its 
goals. He was careful to point 
out that there will be no changes 
in the MySQL roadmap, except 
in the time scale. 
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"We will accelerate the 
roadmap. We now get access to 
abilities and resources we didn't 
have before in terms of perfor- 
mance, scaling, threading and 
I/O," said Mickos. 

The purchase of MySQL, said 
Schwartz, gives Sun something it 
couldn't get anywhere else in 
enterprise software. "MySQL is 
one of the most valuable brands 
in the free and open-source soft- 
ware world and has a user base of 
around 11 million," he noted, 
adding that a user base this size is 
tough to find inside enterprise 
software. 

With the completion of this 
acquisition comes a host of new 
service and support options for 
companies seeking to build 
applications around MySQL. 
Corporations can try out the 
new MySQL support offerings 
from Sun with a free trial at 
www.mysql.com/trials. I 

ROGUE WAVE 
REFRESHES SDO 
COMPONENTS 

BY P.J. CONNOLLY 

Developers creating SOA data 
services in C++ and Java got a 
hand when Rogue Wave Soft- 
ware recently released updates 
to its HydraSDO data compo- 
nents. Both the database and 
XML versions of Hydra-SDO 
use the Service Data Object 
(SDO) API to expose data 
sources as decentralized, inde- 
pendent and lightweight ser- 
vices, the company said. 

HydraSDO for XML 2.2 is 
for unstructured data and pro- 
vides a data access service for 
parsing XML data. It could also 
populate data graphs. 

HydraSDO for Databases, 
meanwhile, works with 
MySQL, Oracle, SQL Server 
and Sybase databases to pro- 
vide read-write functionality 
against relational databases 
without requiring the develop- 
er to write SQL statements, 
said Rogue Wave. 

In both, the data sources are 
presented through an XML-style 
interface that can act as a real- 
time SOA data service. The com- 
ponents can be stand-alone tools 
or they can work with the com- 
pany's HydraSCA, its Service 
Component Architecture-based 
SOA deployment platform. 

Full-function evaluation ver- 
sions of both components are 
available from Rogue Wave's 
site: www.roguewave.com. I 
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Sybase Rolls Inbox of the Future' 

iAnywhere takes office mobile with e-mail suite, security tools 



BY P.J. CONNOLLY 

With an eye to making mobile e-mail 
even more invaluable than it already is for 
many, Sybase iAnywhere this month 
launched Mobile Office, part of the com- 
pany's Information Anywhere suite that it 
says will be the "inbox of the future." 

Mobile Office works with Symbian 
and Windows Mobile devices and pro- 
vides wireless e-mail, integrated client 
security backed by the company's Afaria 
security tools, and business process 
mobilization via a mail-driven approach. 
One can do such things as approve 
expense reports and purchase orders, 
take notifications from CRM systems, or 
take other steps to complete business 
processes without being tied to a desk. 

Sybase iAnywhere's director of prod- 
uct management, Senthil Krishnapillai, 
explained that Mobile Office's goal was 
to make e-mail more seamless and 
adaptable to end-user requirements, 
which only grow over time. Other fea- 
tures make it easier for users to provi- 
sion themselves, he noted, simplifying 
administration by more closely tying into 
an organization's existing directory and 
e-mail infrastructure. 

Sybase also announced an update to 



Afaria that offers new data decryption 
features, interoperability with GPS sys- 
tems and improved password recovery 
features, the company said. 

Perhaps the most dramatic change is 
in the encryption features, where 
decryption is now performed on- 
demand and only when the application 
or operating system requests it. Accord- 
ing to the company, this makes logins 
faster by avoiding the need to decrypt all 
of the user data on the device at once. 
The new scheme is also said to improve 
application performance by only re- 
encrypting changed data. 



The crypto processes are applied to 
data at a device, rather than application, 
level; this, says the company, makes 
implementing a higher degree of securi- 
ty simpler by removing any need to 
touch the overlaid applications. 

User interface updates in the Afaria 
release include file selection and subdi- 
rectory use, locking the device to allow 
GPS navigation programs to run without 
interruption, and layering alarms and 
notifications in front of the lock screen. 
That allows users to view and dismiss 
notifications without logging back into 
the device. 




Krishnapillai says the challenge is keeping 
up with growing end-user reguirements. 

An Afaria update for Window Mobile 
devices is slated for this month, with 
other devices to follow. Mobile Office is 
expected out in the second quarter. I 



Zong Tries to Make Money With Mobile 



BY P.J. CONNOLLY 

If one wishes to monetize a mobile ser- 
vice, the first trick is to build something 
that people are actually willing to pay for. 
The second part is making it work, and a 
division of Swiss mobile media provider 
Echovox thinks it has an answer. 

That would be Zong, with its Zong 
Open Mobile Platform. The company 
launched the mobile development scheme 
in the U.S. last month with support from 



eight major carriers, including AT&T, 
Sprint Nextel, T-Mobile and Verizon. 

Zong said that its HTTP-based API 
allows developers to write once for the 
platform, and then deploy without mod- 
ification to reach subscribers on more 
than 50 major carriers around the globe 
servicing half a billion customers. 

The market for mobile content is 
roughly five times that for Web content, 
according to the Mobile Entertainment 



Forum, which pegs the value of roaming 
media at US$20 billion. 

"Launching mobile service in the U.S. 
has never been easy," said Zong CEO 
David Marcus in the announcement. 
"Since we have removed the roadblocks" 
of having to make deals with individual 
carriers and rework content for a myriad 
of handsets, he said that, "companies can 
finally supplement the traditional ad- 
based model." I 
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TOO MUCH 

OF A GOOD 
THING? 

If Use AJAX sparingly, experts warn 



BY JENNIFER DEJONG 



No wonder it has caught on like wildfire. AJAX — 
which stands for Asynchronous JavaScript and 
XML — promises to deliver a better experience for 
Web users and a more efficient way for developers 
to manage communication between the browser and 
the server But, according to AJAX experts, many early efforts 
that used the technology failed to accomplish either of those 
goals. Indeed, those early missteps led to a raft of Web sites 
that use AJAX as little more than window dressing and often 
exhibit a drag, rather than a boost, in performance. 

SD Times asked the experts to offer their best advice on 
when, where and how to use the development technique, 
which lets the Web browser retrieve information from the 
Web server without having to update the entire page. 
Here's what they had to say: 

Don't use it just because everybody else does. The 
Web is awash with AJAX-enabled pop-up boxes that look 
nice but don't add information, said Microsoft senior pro- 
gram manager Joe Stagner. Used that way, AJAX is a wast- 
ed investment, he said. "We jumped on the bandwagon, did 
a bunch of stuff, and later on we figured out a lot of that 
stuff wasn't such a good idea." 

Some Web retailers in particular were guilty on that count, 
said Frank Spillers, co-founder of user interface design con- 
sultancy Experience Dynamics. 'We see a lot of pop-up views 
right before you [click on] the product. It's overkill." Like a 
cook who has just discovered garlic, developers tend to 
overuse AJAX, added Patrick Hynds, president of application 
development consultancy CriticalSites. "They want to put it in 
everything, even a peanut-butter-and-jelly sandwich." 

Use AJAX to create business opportunities. AJAX 
lets the Web application update what the user sees, based 
on his or her actions, and this is a powerful capability when 
you apply business-sawy logic to it, Stagner said. For exam- 
ple, he cited a bank Web site that lets users fill out credit 
card applications, targeting advertising to applicants based 
on their date of birth. In the past, ads didn't appear until the 
user had submitted the completed form, including date of 
birth. By that point, he explained, the applicant was already 
disengaged. Now the bank uses AJAX to grab that informa- 
tion before the application process is complete. As soon as 
the user types in the date of birth, the bank targets its ads 
accordingly, Stagner explained. 

Don't do user validation on the client. AJAX is all about 
implementing tasks on the client that traditionally have been 
carried out on the server. But bag that idea when it comes to 
security validation, said Hynds, whose consultancy specializes 

continued on page 28 ► 
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Experts: AJAX Is Hot, 



< continued from page 27 

in security. "Client-side security validation 
is a big no-no. It's too easy [for a hacker] to 
remove." AJAXs concept doesn't intro- 
duce new threats, but it does elevate the 
risk level because it extends an applica- 
tion's attack surface. That can make a site 
vulnerable to cross-site scripting, in which 
a hacker steals user data by inserting a 
malicious script designed to execute on a 
dynamic page, noted David Boloker, 
IBM's CTO of emerging Internet tech- 
nologies. "But this isn't an AJAX problem," 
he said. "It's a Web problem, to be 
addressed with security best practices." 

Don't get too chatty. AJAX is 
designed to retrieve information from the 
Web server without having to update the 
entire page. But many developers turn 
that virtue into a vice, creating applications 
that are "too chatty," said Nicholas Zakas, 
co-author of "Professional AJAX" (Wrox, 
2007), among other books. The applica- 
tion, he explained, is always going back to 



the server to "get something, to get some- 
thing [again], to get something [one more 
time]." That leads to performance prob- 
lems that could have been avoided by 
managing the data differently, he noted. 
"Go back to the server only when neces- 
sary. If you have requests going out three 
times in a 10-minute span and you have a 
million users on the site, there's going to 
be a performance impact." 

Dedicate a server to each AJAX 
task. When you zero in on a task that's 
well suited to AJAX, give the hardware 
enough juice to carry out the job, said 
Bill O'Donnell, chief architect for travel 
search engine Kayak.com. The site 
relies on AJAX to implement several 
key features, including a smart box that 
comes up with possible airport picks as 
soon the user starts typing. O'Donnell's 
team dedicated a single server to that 
task. "We wanted very fast response 
time — zero latency," he said. "The 
smart box [where a user types in airport 
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FIVE QUESTIONS TO ASK 
WHEN CONSIDERING AJAX 

Usability consultant Frank Spillers weighs in 



t| Will using AJAX greatly improve the user 
I • experience with my site or Web application? 
Do not use AJAX if it does not enhance a strategic 
aspect of your user experience. Such pitfalls as browser 
incompatibility could create technical and usability 
headaches for JavaScript developers and users. Be sure 

to test, refine code and retest. Just because the AJAX element works on your 
browser does not guarantee it will work on those of your users. 

t^ What is the user experience strategy that complements AJAX? 
£• Though it can add sizzle, AJAX is a collective strategy to improve a 
user's ability to complete tasks more effectively. AJAX is not the answer to 
every design problem; often, it is inappropriate or irrelevant. The excitement in a 
design should center on, "How can this improve the user's task?" as opposed to, 
"How can we AJAX-ify this page to make it cool?" 

t<j Will JavaScript gracefully degrade in browsers, and is there an 
*)• alternative if a user's browser gets stuck? Developers should sup- 
port graceful degradation, using JavaScript detect scripts, and support 
JavaScript-free and mobile-friendly versions. Try to keep AJAX to user interface 
elements that add value throughout the experience but do not primarily reguire 
the technology to navigate a Web site, for example. 

tM Is there a real need to use AJAX, or is it "just because"? The technical 
^r» pitfalls associated with AJAX reguire a disciplined use of JavaScript and 
AJAX. Think strategically about how AJAX can help the user on a particular 
page. Do not take AJAX for granted as a user interface technigue. One should 
assume users will not be familiar with the interface tricks that AJAX offers; instead, 
try to make everything transparent. For example, a plus button that opens up should 
have a "Details..." link beside it. 

t|" Are you inventing new designs, or reinventing problematic designs- 
3* and how will you know if they work? Good AJAX usability comes from 
testing your design with your target audience. Users rarely drink the Kool-Aid 
of new, whiz-bang technologies or interface enhancements. AJAX should be used 
in the context of a user's task and should help remove the browser's workload of 
fetching pages and handshaking with a database. AJAX usability means that a 
user can do something on the screen that changes the display, and do so guickly, 
with minimal effort and with a responsive, just-in-time interface. 

Source: Adapted from Demystifing Usability: experiencedynamics.blogs.com 
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But Pick Your Spots 



gets a lot of hits. 

Keep in mind which PCs people 
are using. AJAX code can run superfast 
on an Intel Core 2 Duo, said O'Donnell, 
referring to a PC using a modern CPU. 
"But [Web site visitors with] older PCs 
are going to feel the pain of JavaScript, 
so you need to test code on older 
machines as well." That way, you can get 
out your JavaScript debugger, figure out 
what the problem is and fix it, he said. 

Use AJAX to keep Web shoppers 
engaged. There are plenty of examples 
in which AJAX is used as just window 
dressing. But it really shines at presenting 
a set of complex features and functions 
that help decision-making, said usability 
consultant Spillers. "It's good at layering 
in information, tasks and sub-tasks." 

One case in point is Blue Nile, a Web 
retailer that sells diamonds. The site 
relies on AJAX for its Build Your Own 
Ring feature, which guides shoppers 
through the process of setting a price 
range, then selecting a diamond and set- 
ting for the ring. Along the way, shop- 
pers get educated on everything from 
diamond shapes to the degree to which 
the stone has been polished. 

"AJAX delivers nicely here to improve 
decision-making," said Spillers. What 
Blue Nile is doing, no pun intended, is 
engaging the ring buyer. "A Web jeweler 



can lose people quickly," but AJAX helps 
create a shopping experience compelling 
enough to keep the buyer on the site to 
make a purchase, he said. 

Think in terms of progressive dis- 
closure. That's a fancy way of saying 
"give the user a little bit of information at 
a time," said Spillers. Blue Nile's ring- 
building feature exemplifies this interac- 
tion design technique, which sequences 
information and actions across several 
screens to keep the user from getting 
overwhelmed. "By disclosing informa- 
tion progressively, you help the user 
manage the complexity of feature-rich 
sites or applications," he said. 

Use AJAX to display dynamic infor- 
mation against a static background. 
This is another task in which AJAX excels, 
said Julian Payne, vice president of visual- 
ization research and development for 
ILOG, which sells graphical components 
for building AJAX-based user interfaces, 
among other offerings. The idea is to sep- 
arate the static information (such as a 
map) from the dynamic data (such as an 
alert about a car accident or traffic jam), 
letting users click on the information they 
need. 'With AJAX, you can get the infor- 
mation and display it, without refreshing" 
the entire map. 

The easy way isn't always the most 
appropriate. Tools make AJAX easy to 




'Go back to the server only when 
necessary. If you have requests going out 
three times in a 10-minute span and you 
have a million users on the site r there's 
going to be a performance impact. ' 

—Nicholas Zakas, co-author of "Professional AJAX" 
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implement, but to apply them intelligent- 
ly, it's crucial to understand what's going 
on the behind the scenes, said Adam 
Calderon, a practice lead for .NET con- 
sultancy InterKnowlogy, and co-author 
with Joel Rumerman of the book 
"Advanced ASP.NET AJAX Server Con- 
trols," expected from Addison- Wesley lat- 
er this year. 

Nowhere is that more so than with the 
UpdatePanel control in ASP.NET Mi- 
crosoft developers are drawn to 
UpdatePanel, he explained, because it 
allows them to implement AJAX without 
any knowledge of JavaScript. But, because 
the control does a full-page postback 
instead of a partial-page postback, perfor- 
mance problems occur when developers 
overuse it. A better approach would be to 
employ a Web service to get the data, and 
client-side code to repopulate the page, 
said Calderon. A more focused communi- 
cations channel is always preferable in 
larger deployments, he said, noting that 
UpdatePanel is not a bad approach for a 



small site to be used by 30 to 40 people. 

Understand that client-side pro- 
gramming is new. Many developers that 
use AJAX haven't wrapped their brains 
around the idea that programming for the 
browser is not the same as programming 
for the server. "You can't build complex 
client-side code and expect the same per- 
formance you get with server-side code," 
said Stagner. "There is an optimization 
that can take place on the server that just 
can't happen on the client." 

To use AJAX effectively, sit down and 
think about the application in ways that 
weren't necessary before, Calderon 
added. "How do I converse with the 
server in the most efficient way possi- 
ble? How do I bring in what I know 
about client/server development, what I 
know about SOA development, to the 
process?" Those are the questions you 
have to ask, he said. "It's more difficult 
than earlier Web programming ap- 
proaches. But it brings greater benefits, 
in more situations" over time. I 
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FROM THE EDITORS 

Microsoft Should Walk Its 
Interoperability Talk 

We favor interoperability and welcome Microsoft's pledge to share 
technical information that will help developers write software that 
works well with its products. However, we question whether it will follow 
through with its promise or re-engage in the type of minimalist disclo- 
sure and foot dragging that has done little to obscure its solipsism. 

The timing of Microsoft's announcement is conspicuous. Despite its 
frequent claims that it believes in interoperability, the company only 
shares knowledge when threatened by courts. 

Just before the European Commission handed down the latest in a 
series of fines against Microsoft, the company announced a fairly com- 
prehensive plan to share interoperability information and has committed 
itself to a timeline for releasing API documentation for many of its high- 
volume products. 

If Microsoft invests the resources necessary for ISVs and enterprise 
developers to understand how its products work, and its documentation 
is reasonably good, it could make significant strides toward making inter- 
operability a reality, and that benefits everyone — including Microsoft. 

Interoperability keeps customers happy and ensures that Microsoft 
products are good actors in increasingly heterogeneous IT infrastructures. 

In the past, Microsoft has demonstrated a willingness to work 
toward interoperability, but on its own terms. The company's embrace 
of WS-* Web standards is an excellent example. But its willingness to 
be play well with others has not always been apparent — even in its 
recent history. 

The latest EC fine of €899 million (US$1.3 billion) was imposed for 
a good reason: Microsoft was making bank off of the EC's mandate 
that it provide competitors with interoperability information. In July 
2006, it was fined €280.5 million ($357 million) for stalling. Failure to 
comply with a court order is hardly a sign that it has wanted interop- 
erability. 

Trailing backward, Microsoft's record is even less inspiring. In the 
movie "Thank You For Smoking," one of the main characters was asked, 
"Dad, why is the American government the best government?" and 
responded, "Because of our endless appeals system." 

Microsoft understands this all too well. The company tried everything 
to draw out its settlement with the Clinton-era U.S. Justice Department 
until a friendlier administration presented it with a more favorable deal. 

With an eye to the past, a cynic could justifiably say that Microsoft's 
latest interoperability pledge is nothing more than a last-minute "call to 
the governor" begging for clemency. But Microsoft found no remunera- 
tion, and the EC brought the hammer down anyway, making Microsoft 
pay a considerable sum for its presumed sins. 

It is likely that the EC will up the ante should it have to sanction 
Microsoft again, and Microsoft is well advised to make a sincere effort to 
increase the openness of its products. 

Should Microsoft keep its word and deliver what's required by the 
courts, we believe that, over time, the EC should back off. The EC, after 
all, was reacting to complaints by Microsoft's competitors — not by con- 
sumers. The goal should be a level playing field, not one tipped against a 
single company, no matter how powerful that one company is. Ultimate- 
ly, the EC will receive greater than $2.3 billion in fines from Microsoft, 
but has given no indication that any of it will be used to provide relief for 
consumers. 

Microsoft is a convicted monopolist and is being punished for its 
crimes. If it returns to its old anticompetitive ways, it should be punished 
again. If the company truly has a change of heart, however, that should 
be taken into account. 

The industry is changing, and Microsoft must change with it. Interop- 
erability is important and a necessary step for it and its competitors. We 
hope that this time, Microsoft has finally learned this important lesson. I 
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IN THE LAST ISSUE OF SD TIMES, 

I wrote a story about accuracy and secu- 
rity issues with direct-recording elec- 
tronic voting machines. The ironic thing 
is that, as I live in New York, I have yet 
to use such technology; we still use tra- 
ditional mechanical lever machines. 
Compared with most other states, New 
Yorkers might as well be drawing pic- 
tures on cave walls to show how we 
choose candidates. 

Nevertheless, the Empire State will 
go electronic in 2009, and to tell the 
truth, I'll miss the levers. I'm not sure 
if tapping on a screen will offer the same 
satisfaction of yanking back a metal 
bar and causing a sound like a train 
roaring past. — JejfFeinman 

AFTER SPENDING THREE YEARS 

writing about software, I'm a little appre- 
hensive about my coming move to BZ 
Media's newest publi- 
cation, Systems Man- 
agement News. The 
world of servers is not 
nearly as interesting or 
alluring as the world of 
code. Sure, there's an 
awful lot of exciting stuff going on in data 
centers these days. And, yes, the world's 
databases store an almost infinitely 
expanding spiral of the human experi- 
ence. But behind all of these beautiful 
pieces of iron and silicon, there is always 
code. Without it, computers are just 
doorstops. It doesn't work the other way 
around, either. Without computers, code 
is still math. And even without humans, 
math will always be the language in which 
the universe is written. — Alex Handy 

GOOGLE'S ANDROID SOFTWARE is 

impressive. I caught a glimpse of it in 
action a few weeks ago and wished it 
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were possible to replace the code on 
my spare Nokia phone with it, although 
the lack of a touch-screen might pre- 
sent problems. My BlackBerry still has 
the edge, due to its e-mail connectivity, 
but the idea of having iPhone-like 
functionality on less expensive hard- 
ware is liberating. Though I am certain 
there are hardware requirements that 
restrict Android's use, who knows what 
projects will arise after Google opens 
up the source code? It will raise the 
quality bar as the iPhone has; truthful- 
ly, mobile software could not get much 
worse. — David Worthington 

THE WATERFALL METHOD of software 
development has fostered the produc- 
tion of many excellent applications in the 
40-odd years it's been in practice. 
So why, then, do so many people wish to 
anoint agile practices as the latest water- 
fall killer? At BZ Media's FutureTest 
conference last month, about half the 
speakers made proclamations to the 
effect that waterfall is over. Yet, Collab- 
Net's Jack Repenning wasn't buying it. 
"Agile isn't the first so-called waterfall 
killer to come along," he said during a 
panel discussion. "But waterfall is still 
around." Why? Because people have 
had great successes with it. And Voke 
analyst Theresa Lanowitz told of a friend 
who now oversees a team of software 
engineers, saying that 
she'd like to move her 
team more toward agile 
processes, but the tools 
aren't there to do it on any 
grand scale. "People are 
more agile manner," she 
said, "but they aren't necessarily imple- 
menting the practices." Not to mention 
that it's really hard to change the culture 
of the workplace. — David Rubinstein 
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Enterprise Search Market 
On Billion-Dollar Track 



Enterprise search will continue to 
be a high-priority— and big-ticket- 
item for businesses, according to 
new figures from Gartner. 

Revenue from enterprise search 
software will grow from US$861 mil- 
lion in 2007 to $1.2 billion in 2010, 
the firm forecasts in "Dataguest 
Insight: Technology and Vendor Con- 
solidation Will Drive the Enterprise 
Search Market Through 2012." 

Gartner also noted that the mar- 
ket for enterprise search is matur- 
ing, as it moves from the high- 
growth phase of its early years into 
one of consolidation. Now, larger 
vendors-such as IBM, Microsoft, 
Oracle and SAP-are trying to claim 
dominance. I 
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Automated Negative Testing 



The Internet is a protocol blender 
where protocol mutations are a fact 
of life. Protocol testing is not just about 
breaking into things; it's about finding 
the weak spots through which a break-in 
could occur. 

Comprehensive security and robust- 
ness testing has become so specialized 
and expensive that it has moved beyond 
the reach of most software 
and hardware development 
organizations. The focus of 
those organizations is on-time 
delivery of new features. To 
ensure customer satisfaction, 
however, vendors are increas- 
ingly being asked by their 
users to ship only products 
that have been thoroughly 
analyzed and tested. 

Hardware and application 
software are moving to open standards 
and becoming more interconnected. 
They must be examined for underlying 
coding quality errors that could affect 
the customers service availability and 
security readiness. 

As applications move to open stan- 
dards and become increasingly intercon- 
nected, the speed at which organizations 
create and deploy flexible, rich applica- 
tions has accelerated. But these applica- 
tions inevitably have dramatically more 
risks because of their increased attack 
surface. In effect, while creating the 
applications has become far easier, per- 
forming the quality assurance on them 
has become much more difficult. 

As a result, traditional methods of 
testing no longer can scale, or are no 
longer relevant. Why? Because they 
don't account for the additional expo- 
sure created by interconnectedness and 
speed of deployment, which often 
requires laborious customization for 
each application. In other words, there's 
an inherent speed and effectiveness 
mismatch between application develop- 
ment/deployment and appropriate qual- 
ity assurance methodologies. 

MURPHY'S LAW 

Automated negative testing is one 
approach to eliminating the mismatched 
speed and effectiveness that currently 
exists between application development 
and QA/security analysis. At a basic lev- 
el, consider it the systematic application 
of Murphy's Law to the entire suite of 
Internet protocols. The past has proven 
that if something can go wrong when 
processing protocols, it will — and the 
consequences can be devastating. 

Something "going wrong" in the con- 
text of processing protocols can be 
either inadvertent or intentional. But 
that doesn't really matter. The conse- 
quences can be the same. Security is 
compromised. Services are denied. Sys- 
tems crash. Havoc gets wreaked. 
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To be truly effective, automated neg- 
ative testing — like all testing method- 
ologies — must be both rigorous and 
repeatable. The most important 
requirement for negative testing is that 
it be rigorous, and the practical reality 
of such rigor is what also demands that 
the methodology be automated. A truly 
rigorous system must: 

• Reflect the componentized, 
standards-based architecture 
of applications that depend 
on a rich set of interconnect- 
ed protocols 

• Uncover the impact of the 
network itself on applica- 
tions, taking into account 
today's service-oriented, ap- 
plication-aware open network 
infrastructure 

• Focus on distributed solu- 
tions, not monolithic application silos 

• Be broadly and deeply applicable 
without laborious customization 

• Integrate with external scripts, tools 
and third-party sources, especially those 
used to identify known vulnerabilities — 
with or without obfuscation 

• Identify potential unknown zero-day 
problems caused by protocol implemen- 
tation flaws 

• Not require source code for the analysis 

THE UNEXPECTED: COUNT ON IT 

The need for rigor must also accommo- 
date the real world. It's hard enough to 
get multiple protocols to work together 
under the best of laboratory conditions 
where the network is essentially pris- 
tine. Run those same protocol imple- 
mentations over a real-world network 
that reorders, drops, mangles and oth- 
erwise mutilates packets, and the 
chances rise dramatically that the 
implementation will experience the 
unexpected. In fact, the unexpected is 
always guaranteed in the real world. 

The other requirement is for 
repeatability. Indeed, automated nega- 
tive testing that cannot repeat results is 
of little value in the software develop- 
ment life cycle. How can programmers 
be expected to fix a bug or flaw unless 
its causes can be reproduced? How can 
regression testing be accomplished 
successfully without verifying that past 
problems have not somehow reap- 
peared? The need for repeatability 
brings up an important difference 
between ordinary fuzzing and robust 
automated negative testing: stateful- 
ness. Although some problems can be 
caused by a single malformed packet 
or errant variable, many others are 
caused by a stateful progression or 
sequence of events. And hackers know 
this all too well. 

An important aspect of repeatability 
is the need for meticulous reporting. 
Nothing short of a complete, detailed 



report is capable of providing the knowl- 
edge transfer among disparate teams 
necessary for diagnosing problems accu- 
rately and resolving them quickly. A 
good report, in effect, closes the feed- 
back loop between QA and develop- 
ment. And that feedback must be 
actionable to be truly useful. 

MORE THAN SECURITY 

Testing tools that look only for security 
flaws are missing an equally important 
opportunity to enhance service availabil- 
ity by uncovering those problems that 
do not cause a complete system failure. 
For customers, of course, both issues 
are legitimate concerns. 

Security vulnerabilities represent an 
extreme in the spectrum of faults that 
might be uncovered during automated 
negative testing. Such vulnerabilities 
typically manifest themselves as "hard 
faults" that cause systems to crash. The 
causes of service availability problems, 
by contrast, are much harder to repro- 
duce using traditional QA/security tools. 
But the latter can be just as important to 
customers. 

Service availability problems can be 
caused by something as simple as higher 
CPU utilization spikes or memory leaks. 
In turn, those conditions cause users to 
experience slower responses, higher 
latency and jitter, or other undesirable 
behavior influencing the application. 

Consider denial of service. If a sys- 
tem's normal service level is degraded, 
then in some sense that system has 
experienced a denial of service. The 
degree can range from severe (a com- 
plete outage owing to a crash) to "just 
slower" (with reduced response times 
or throughput). 

An important thing to realize about 
processing invalid input is that a very 
small amount of such traffic can have a 
disproportionate and dramatic impact 
on the processing of valid traffic. Most 
people believe otherwise — that a coor- 
dinated assault generating an extraor- 
dinary amount of traffic is needed to 
swamp a system and, therefore, deny 
legitimate service. A robust automated 
negative test approach should, there- 
fore, evaluate for "SmartDoS" attacks 
that employ limited yet precise forms 
of violation on single protocols with 
the intent to avoid traditional distrib- 
uted DoS defenses. 

Most QA departments have not pre- 
viously had it in their charters to per- 
form negative testing systematically, 
despite the fact that embarrassing 
security and service availability weak- 
nesses in products clearly demonstrate 
that more rigorous testing is needed 
before products ship. That's why you 
should consider integrating negative 
testing — and automated negative test- 
ing — into your software development 
life cycle. I 

Kowsik Guruswamy is the co-founder 
and CTO ofMu Security. 
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ResolverOne Makes Extreme Programming Case 



I could simply talk about ResolverOne 
as one of the most innovative applica- 
tions I've seen in years. It's a Python 
development environment that is also a 
spreadsheet; define a function "foo" in 
the code area, click on a cell, type 
"=foo()," and wonder, "Why didn't Excel 
have this 15 years ago?" Conversely, 
import one of those multi-megabyte 
"power spreadsheets" that are so com- 
mon in businesses with complex 
domains, see it converted into a linear 
program, steeple your fingers, and hiss 
"ex-cell-ent" as you contemplate stream- 
lining, refactoring and dispersing the 
knowledge throughout the company 

A review of ResolverOne as an 
application would probably concen- 
trate on compatibility with Excel, 
acknowledge that it consumes large 
amounts of memory and processing 
power, and ultimately conclude that it's 
definitely a complement, not a replace- 
ment, for the de facto spreadsheet 
standard. 

In a review for SD Times, I could 
discuss at length the choice of Python 
as the user-exposed language. Dynam- 
ic languages, including Python, Perl 
and Ruby, have enjoyed increasing 
favor in Web development as alterna- 
tives to languages that are felt to be 



more unwieldy, such as C# and even 
Visual Basic. (JavaScript is by far the 
most widely used dynamic language, 
but is still primarily for in-browser dis- 
play manipulation.) 

Perl has been a mainstay of Web 
programming for the past decade, and 
Ruby's ascent has been so widely dis- 
cussed that you will be for- 
given a certain sense of 
fatigue at its mention. Python 
had only a short run as "the 
next big thing" at the begin- 
ning of the decade. But it 
does have an undeniably low 
barrier to entry, especially for 
programming newcomers for 
whom significant white space 
is not a departure. 

At the recent Lang.NET 
symposium at Microsoft, I was pum- 
meled from several sides for advocating 
Smalltalk over Python as a teaching lan- 
guage, and, although I think there are 
valid arguments to be made for using a 
single-paradigm language for learning, 
ResolverOne is itself a compelling 
argument for Python. 

The spreadsheet concept is clearly 
something that people "get." Spread- 
sheets are astonishingly efficient for 
computational tasks not heavily reliant 



on computational state (and, even 
there, I should probably qualify the 
limits as relating to state transitions 
that cannot be determined at develop 
time). Putting aside any kind of psy- 
chodynamic analysis, there is some- 
thing profound to be learned from the 
gap between the 100 million people 
who use Excel regularly to 
solve computational prob- 
lems and the single-digit 
millions who write ordered 
lines of specialized syntax to 
do the same. If ResolverOne 
can establish a better bridge 
between power users and 
^fr , programmers — and I'm con- 
vinced it can — then that 
alone would justify attention 
from SD Times readers, 
putting that aside, 
ResolverOne is fascinating as a devel- 
opment story; the application is, itself, 
written in IronPython, Microsoft's 
.NET-based implementation of the lan- 
guage. At approximately 140,000 lines 
of code, it is very likely the largest pro- 
gram written against the implementa- 
tion. And, according to Resolver Sys- 
tems' Giles Thomas, "IronPython was 
definitely a better language for this 
than C# 2.0. Development was very 
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fast. All of our performance issues had 
to do with algorithm design rather than 
language choice." 

I've worried that large dynamic sys- 
tems might become unintelligible, but 
Thomas says that's not their experience. 
Rather, their use of pair programming 
and test-driven development has deliv- 
ered high productivity; of the 140,000 
lines of code, 110,000 are tests. Intrigu- 
ingly, Thomas says this ratio has stayed 
similar since early in development, 
although it seems higher than other 
rule-of-thumb ratios I've heard from 
such colleagues as Andrew Binstock. 

ResolverOne has been in develop- 
ment for roughly two years, is written 
in a language without explicit type dec- 
larations, and is on an implementation 
that itself is in active development. It's 
been brought to beta in a credible, if 
not downright impressive, time despite 
being developed by pairs of program- 
mers writing far more lines of test than 
application. Yet, no one can credibly 
dismiss the complexity of 30,000 lines 
of application logic or spreadsheet 
functionality, much less the truly inno- 
vative spreadsheet-program features. 

ResolverOne is easily the most com- 
pelling data point I've heard for the 
practices of Extreme Programming. I 

Larry O^Brien is a technology consul- 
tant, analyst and writer Read his hlog at 
www. knowing, net. 
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SOA Governance: Something You Do, Not Buy 



Recently I posted a blog that defines 
and categorizes the patterns of SOA 
governance technology that we're see- 
ing. In essence, I divided them into two 
major categories: design time and run- 
time, with a few shades of gray in the 
middle. 

The posting sparked two major reac- 
tions. First, some thought it was danger- 
ous to define and categorize SOA gover- 
nance into no more than two areas. 
Second, I was reminded that I am for- 
getting the people, approaches, disci- 
plines and the overarching process. 

One thing I learned was that SOA 
governance has yet to be properly 
defined. Those selling SOA governance 
technology are trying to define it 
through the press and white papers, but 
the definition keeps changing over time. 

The roots of SOA governance are 
with governance as defined by the older 
world of enterprise architecture (EA). 
In EA, governance is more of a manage- 
ment concept in which a single control- 
ling body defines technology solutions 
and approaches for an entire enterprise. 
Without that, everyone would be build- 
ing systems without a common strategy 
as to how all of those systems would 
work and play well together to form 
enterprise architecture. So, governance 
in that world is really enforcing disci- 



pline within the ranks, and when gover- 
nance leverages tools, it does so to man- 
age IT assets. 

So, SOA governance is really EA gov- 
ernance taken to the world of SOA, with 
SOA being an architectural pattern. 
Thus, SOA governance is a governance 
pattern. This is according to me, by the 
way. Others have their own 
definitions, but that's the 
point I'm trying to make here. 

SOA governance is really 
best defined as creating and 
managing a guiding discipline 
around the design, develop- 
ment, testing, policies, imple- 
mentation, and management 
of core services that are found 
in a SOA. 

So, it's something you do, 
not something you buy. 

Here are some other definitions I 
found in Wikipedia: 

Anne Thomas Manes defines gover- 
nance as "the processes that an enter- 
prise puts in place to ensure that things 
are done ... in accordance with best 
practices, architectural principles, gov- 
ernment regulations, laws, and other 
determining factors. SOA governance 
refers to the processes used to govern 
adoption and implementation of SOA." 

She continues, "SOA is about behav- 




ior, not something you build or buy. You 
have to change behavior to make it 
effective." 

Gartner defines SOA governance as 
"ensuring and validating that assets and 
artifacts within the architecture are act- 
ing as expected and maintaining a cer- 
tain level of quality." 

NOT THE TECHNOLOGY 

The larger issue is that SOA 
governance is around what 
people do, not what people 
use. We have a tendency to 
get caught up with the tech- 
nology, instead of focusing on 
approaches or disciplines. 
Indeed, as I start working 
with enterprises, I see that 
they are consumed by the 
technology. They typically made their 
"SOA governance" purchase and now 
want to figure out what to do with it. 
They hate my response when I remind 
them that it's about the people, process- 
es, approaches and the behavior — not 
which SOA governance tool is right for 
you. 

If this were The SOA World Accord- 
ing to Dave, I would suggest that a few 
things occur: 

First, we need to better define SOA 
governance and how it links to EA gov- 



ernance. Having that void now allows a 
lot of hype to creep in, and the vendors 
are defining SOA governance as a set of 
technologies, not behavior. The same 
issue occurred back in the EAI days. If 
you read my EAI book, you would see 
that it has little to do with technology. 
However, some clever vendors with 
large marketing budgets were able to 
commandeer the term as something 
that defined their technology. EAI was 
also something you do, not something 
you buy. 

Second, focus on the people and the 
approaches with this objective: Alter 
behavior to better provide SOA gover- 
nance. This means training, mentoring, 
establishing best practices, and, yes, at 
some point, even investing in some 
infrastructure technology to support 
the behaviors. Technology is not bad as 
long as it's used in context with under- 
standing. It never works the other 
way around. 

Finally, the vendors need to take a 
proactive role in educating those people 
out there who are leveraging the notion 
of SOA governance. If they approaching 
SOA governance with the heart of a 
teacher, not the heart of a salesman, I 
think that they will ultimately will lead to 
more sales, even if it means giving up 
short-term sales for longer-term gains. I 

David S. Linthicum is a managing part- 
ner at ZapThink. Reach him at 
david@zapthink. com. 



Debunking Cyclomatic Complexity 



There can be little doubt that metrics 
are emerging as a new dimension in 
the management of code quality. 
Whereas five years ago, few people 
except for software engineering wonks 
cared to run metrics on their code, now 
many managers are starting to view met- 
rics dashboards as a key tool for knowing 
where a project stands. I suspect, but 
don't know for sure, that the door was 
opened by unit testing: the ability to 
have a visual display of test results, and 
then of code coverage, stimulated the 
desire to obtain additional quantitative 
data about codebases. 

The current infatuation with metrics 
has led to the creation of many new met- 
rics — an explosion of measures that per- 
fectly parallels the explosion of saber- 
metrics in baseball. With so many 
emerging metrics, it's hard to know what 
is useful. So, almost a year ago, Enerjy — 
a company that specializes in metrics 
dashboards — decided to undertake 
extensive research into which metrics 
most track the likelihood of defects. 
They examined more than 50 open- 
source projects. They combed through 
code release by release and matched 
bug reports back to the individual mod- 
ules; from this, they built up a statistical 
model that would identify which metrics 



were the best predictors of problems in 
code. The No. 1 predictor — I doubt this 
will surprise anyone — is the amount of 
code in a given module. The more code, 
the greater the odds of a bug. This 
seems kind of obvious: If all code has 
bugs, the more code in a module, the 
more likely it will have bugs. However, 
as unremarkable as this correlation is, it 
testifies powerfully to the 
benefit of small, discrete 
methods, which is a keystone 
of object-oriented program- 
ming. 

What the survey did not 
show, however, is that code 
complexity does not correlate 
directly to defect probability. 
Enerjy measured complexity 
via the cyclomatic complexity 
number (CCN), which is also 
known as McCabe. It counts the num- 
ber of paths through a given chunk of 
code. Even though CCN has limitations 
(for example, every case statement is 
treated as equal to a new if-statement), 
it's relied on as a solid gauge. What 
Enerjy found was that routines with 
CCNs of 1 through 25 did not follow the 
expected result that greater CCN corre- 
lates to greater probability of defects. 
Rather, it found that for CCNs of 1 
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through 11, the higher the CCN, the 
lower the bug probability. It was not 
until CCN reached 25 that defect prob- 
ability rose sufficiently to equal that of 
routines with a CCN of 1. This is an 
important discovery, because it essen- 
tially states that there is no correlation 
between CCNs of 1 through 25 and bug 
expectancy. By no correlation I mean 
here that for half this range, a 
higher CCN indicates a lower 
chance of defects, while for 
the other half of the span, it 
implies a higher likelihood. 

This range of CCNs with 
values 1 through 25 is impor- 
tant. The majority of rou- 
tines written in object-ori- 
ented languages today (in 
fact, I would surmise, the 
overwhelming majority) have 
CCNs in this range. This means that for 
most code that you write, CCN does 
not tell you anything useful about the 
likelihood of your code's quality. (Above 
25, CCN does correlate to greater bug 
probability.) 

This discovery has implications. For 
example, a recent metric that has gar- 
nered some attention in the press is Agi- 
tar's Crap4j, which measures unit- test 
coverage versus CCN. This metric was 



not the result of hard statistical analysis 
but a means of stating quantitatively that 
complex code needs more unit tests. 
This rule has been a precept at Agitar — 
a vendor of unit-testing software — for a 
long time. The code coverage that 
Crap4j recommends in order to avoid 
crap code rises linearly with CCN, but 
curiously starts with a recommendation 
of percent coverage for code with 
CCN of 1 through 5. 

However, this code is equally bug- 
probable as code with a CCN of 20 — 
which requires 71 percent coverage per 
Agitar to avoid being called crap. To be 
fair, part of Enerjy's results could be 
explained by the fact that small routines 
in the CCN range of 8 through 15, 
which have the lowest CCN, are cleaner 
because of unit tests. But, in that case, 
Crap4j is wrong to suggest that code 
with CCNs of 1 through 5 need have 
zero unit tests to avoid being crap. They 
should be tested to avoid being crap. 

This greater clarity is the insight that 
real research can bring. It shows us the 
danger of adopting rules based on our 
experience and universalizing them 
without checking the reality. Until this 
rigor is more widely accepted, I fear, we 
will hear about more new metrics of 
uncertain value. I 

Andrew Binstock is the principal analyst 
at Pacific Data Works. Read his blog at 
binstock. blogspot. com. 
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March is a mad, mad, mad, mad 
month. Winter winds down, spring 
approaches. College basketball teams 
gear up for "March Madness" and the 
road to the national championship. 
South and west, baseball teams start 
loosening up for the long season ahead, 
renewed with the promise of a World 
Series title come October. 

March* also marked the 
beginning of FutureTest, BZ 
Media's executive conference 
on software testing. The two- 
day event showcased some of 
the best speakers in our indus- 
try, including Gary McGraw on 
security, Rob Sabourin on just- 
in-time testing, and Joel Spol- 
sky on . . . well, I'm still trying to 
figure out what Spolsky's topic 
was, but his presentation was 
simply hilarious. His points: Produce soft- 
ware that makes people happy, take into 
account the emotional pull of the brand or 
product, and understand that although 
aesthetics are little more than eye candy, 
people generally like candy. 

Perhaps the session most relevant to 
developers, though, was given by Robert 
Martin, the founder, president and CEO 
of software consultancy ObjectMentor. 
To boil down Martin's talk, the takeaway 
was this: If you want good code, don't 
write bad code. 

There's much more to the craft of soft- 
ware development than that, of course. 
Martin spoke of the craftsmanship and 
the role of testers in ensuring the organi- 
zation exert discipline over the processes. 

Whenever you see an organization 
with a big, messy wad of code, invariably 
that's the result of a failure to exert dis- 
cipline over the creation of that soft- 
ware. "As developers, we're afraid that if 
we put time in [to maintain discipline], 




we're taking it away from something else 
that might need it more," Martin said. 

A big problem, he explained, is that 
developers are so heavily invested in the 
idea that their self-worth is equated with 
speed. He recalled an instance in which 
he had asked developers to complete a 
small application, without assigning a spe- 
cific deadline. They rushed to get it fin- 
ished, Martin said, "thinking 
I'd be pleased with their mess 
of code." You don't get to mar- 
ket by going fast, Martin said, 
but by writingclean code and 
clean tests. 

But if you find yourself 
staring at the wad of rotting 
code, unsure of where to 
begin, avoid a grand redesign, 
Martin said. Companies don't 
(fell want the redesign, but at some 
point, they see changes taking longer, and 
hear the increasingly louder grumblings of 
developers working on that wad of rotting 
code, so they finally agree to a redesign. 
"This works for 10 people" in the organi- 
zation, he said — the folks who will make 
up the "tiger team" that will get to go off 
and work on a greenfield project. Mean- 
while, the rest of the team grows resentful 
because those folks are stuck maintaining 
and working with the rotting code. Mar- 
tin's solution? Do it incrementally. 

"What if every software developer 
left the code better than it was when he 
checked it out?" Martin posited. "What 
if you practiced day-to-day incremental 
improvement? Things would get better 
instead of worse." Just admit there is a 
mess and gradually clean it up. 

If not, you will end up with a race akin 
to Zeno's Paradox — that Achilles can nev- 
er catch the tortoise, because the distance 
Achilles must go to overtake the tortoise 
is always increasing just a bit more by the 



distance gained by the tortoise. On soft- 
ware projects, the requirements the tiger 
team needs for the greenfield redesign 
are in the old code, but the old code is 
constantly being changed. 

Some other gems from Martin's talk: 
"Test-driven development is the single 
most important practice that's been dis- 
covered in the past 10 years." If devel- 
opment organizations are disciplined, 
the QA team should find nothing. Find- 
ing bugs, he said, is the developer's job. 

Also: "Manual test scripts are 
immoral." Why in the world would you 
(mis)use human talent to type in user 
names and passwords to see what the 
application returns, Martin wondered, 
when the task can be automated? 

There was much more, all of it useful 
and entertaining. 

So, as FutureTest signaled a new level 
of discussion, this column marks the end 
of my tenure on SD Times. It's been eight 
amazing years, as we've chronicled the 
industry's growth from the Micro- 
soft/best-of-breed religious wars, COR- 
BA and the open-source "bazaar" to ser- 
vice-oriented architectures, rich Internet 
applications and virtualized testing and 
deployment environments. I've spoken 
with some of the smartest people I'll ever 
meet and felt the pain of enterprise 
developers, whose needs didn't always 
match up with what software companies 
and consultants were trying to sell them. 

I'm handing the reins back to Alan 
Zeichick, who preceded me as editor-in- 
chief, to take on the same role with BZ 
Media's newest launch, Systems Manage- 
ment News, a newspaper for IT and sys- 
admin managers. I hope the run is at least 
as long, and as rich in subject matter. 

Thanks for allowing me into your 
world. I 

*A11 right, it was actually Feb. 26 and 27, 
but it's my last column — cut me some slack! 

David Rubinstein is editor-in-chief of 
SD Times. 
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MICROSOFT RESHUFFLES EXECUTIVE DECK 

Microsoft has promoted 14 executives to either senior vice president or corporate vice presi- 
dent. New senior vice presidents are Chris Capossela, Kurt DelBene, Antoine Leblond, Andy 
Lees, Satya Nadella and S. Somasegar. Walid Abu-Hadba, Brad Brooks, Larry Cohen, Steve 
Guggenheimer, Scott Guthrie, Roz Ho and Brian Tobey are now corporate vice presidents. 

The fourteenth executive-and one that seems to benefit most from the reshuffling-is Bill 
Veghte. Previously corporate vice president of the Windows Business Group, Veghte will now 
oversee all end-user business strategy, sales and marketing for Microsoft's Windows Client, Win- 
dows Live, MSN and Search divisions. 

Walid Abu-Hadba is replacing Sanjay Parthasarathy as corporate vice president of Developer 
and Platform Evangelism, while Brad Brooks will assume the role of Windows marketing chief, a 
position formerly held by Mike Sievert. 

Scott Guthrie is now the corporate vice president with responsibilities for the .NET develop- 
er platform. He will continue to supervise the development teams that deliver Visual Studio 
developer tools and .NET Framework technologies. Steve Guggenheimer is taking the reins of 
Microsoft's OEM business from Scott Di Valerio, while Mobile Communications executive Pieter 
Knook is replaced by former Server and Tools manager Andrew Lees. 

Roz Ho, formerly head of Entertainment and Devices Division Labs and the Mac business unit 
before that, gets a new title at Premium Mobile Experiences, and will take on the work of absorb- 
ing Danger into the Entertainment and Devices division. Microsoft announced on Feb. 11 that it 
had agreed to acguire the Palo Alto, Calif.-based company. 



Oracle had its planned acguisition of 
BEA Systems for US$8.5 billion 
approved by the U.S. Department of 
Justice and Federal Trade Commis- 
sion. BEA has scheduled a share- 
holders' vote on the deal for April 4 
. . . Coverity has received US$22 mil- 
lion in funding from Foundation Capi- 
tal and Benchmark Capital. 

EARNINGS: Borland Software post- 
ed a 19 percent drop in fourth-guarter 
revenue, to a company low of 
US$61.4 million. Net loss for the 
quarter widened to $41.7 million from 
$11.3 million a year Ago. Executives 
said they expect a drop in in revenue 
of up to $26 million in 2008 
. . . Salesforce.com posted record fis- 
cal fourth-quarter results, exceeding 
US$850 million in annual revenue. I 



EVENTS CALENDAR 



BrainShare 

Salt Lake City 
NOVELL 

www.novell.com/brainshare 



March 16-21 



EclipseCon 2008 

Santa Clara 
ECLIPSE FOUNDATION 

www.eclipsecon.org/2008 



March 17-20 



ESRI Developer Summit March 17-20 

Palm Springs, Calif. 
ESRI 

www.esri.com/events/devsummit/index.html 



Secure Development 
World 

Alexandria, Va. 
SDW 

www.securedevelopmentworld.com 



March 25-26 



Open Source 
Business Conference 

San Francisco 
IDG WORLD EXPO 

www.infoworld.com/event/osbc 



March 25-26 



SLAM (Sales, Licensing, 
Alliances & Marketing) 

Burlingame, Calif. 
SOFTWARE BUSINESS 

www.slamconference.com 



April 3-4 



Developer Relations 
Conference 

Redwood City, Calif. 
EVANS DATA 

www.evansdata.com/drc 



April 7-8 



RSA Conference 


April 7-11 


San Francisco 




RSA 




www.rsaconference.com/2008/US 




MySQL Conference & Expo April 14-17 


Santa Clara 




MYSQL 




en.oreilly.com/mysql2008 





Embedded Systems 
Conference 

San Jose 
CMP MEDIA 

www.embedded.com/esc/sv 



April 14-18 



Software Test & 
Performance Conference 

San Mateo, Calif. 
BZ MEDIA 

www.stpcon.com 



April 15-17 



Software 2008 

Las Vegas 
CMP MEDIA 

www.software2008.com 



April 29-30 



CommunityOne 

San Francisco 

SUN MICROSYSTEMS 

developers.sun.com/events/communityone 



May 5 



JavaOne 

San Francisco 

SUN MICROSYSTEMS 

java.sun.com/javaone/sf/index.jsp 



May 6-9 



May 18-22 



IDUG 2008 

Dallas 

INTERNATIONAL DB2 USERS GROUP 

conferences.idug.org/na 

Microsoft TechEd June 10-13 

Orlando, Fla. 
MICROSOFT 

www.microsoft.com/events/teched2008/default.mspx 

For a more complete calendar of U.S. software 
development events, see www.bzmedia.com/calendar. 
Information is subject to change. Send news about 
upcoming events to events@bzmedia.com. 
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Innovations by InterSystems 

Embed competitive advantages. 




To make database applications more valuable, embed InterSystems Cache*- the object database 

that runs SQL faster than relational databases - and enjoy higher speed and scalability while 

lowering hardware and administration requirements. Or, tor applications that have to link with 

multiple systems and processes, embed InterSystems Ensemble®. Your applications will become 
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TechExcel DevSuite 

The ALM Platform for Scalable Agile Development 

s Integrated requirements management, project planning, implementation tracking and QA testing 
- Provides out-of-the-box implementations for Agile and other standard methodologies 

• Facilitates close collaboration of globally distributed teams 

* Scalable from small teams to thousands of users 



A fully integrated suite of best-of-breed ALM products: 

' DevSpec: Requirements management 



(m DevPlan: Project planning 

^% DevTrack: Implementation and issue tracking 

^5 DevTest: QA test management 

^9 KnowledgeWise: Knowledge and Digital Asset Management 
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Try DevSuite Live at www.techexcel.com/sdtimes 
www.techexcel.com I 1-800-439-7782 



